MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa20a519c10bb39da0463d8364fccb71dc226843c5cd7d71dd225e5b1a4c9a01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 2



SHA256 hash: fa20a519c10bb39da0463d8364fccb71dc226843c5cd7d71dd225e5b1a4c9a01
SHA3-384 hash: 1c95b2667008715337deb0a91c1678f381513efac3f2fddc6fc07391e70814484198c34b5e1de40a898fefe88716b2db
SHA1 hash: 2aeaaf38c32b7f426660236e74bb2532327981ea
MD5 hash: 28e2fecb5fc16eebf929ddec0f6a4290
humanhash: mango-lion-speaker-earth
File name: S7.zip
Signature: Quakbot
File size: 319'713 bytes
First seen: 2022-11-17 15:19:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: SK16
ssdeep 6144:yN+2e6ljb27F05CvUNc1QlisFHJ/NJyKWVXSDAOsKMvrgjC3VLWEl3c5cNd:tP65yp05RAm9qSbsKy4UVLDceNd
TLSH T12D64238540CAD7A8B3561962302C2DD7778521FE27BC96297F1D667A8A0024EDFC1F78
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: pr0xylife
Tags: 1668683197 pw-SK16 Qakbot qbot Quakbot zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 242
Origin country: IE
File Archive Information

This file archive contains 19 file(s), sorted by their relevance:

File name:UY76.zip
File size:319'547 bytes
SHA256 hash: 451e5353ca08889889954cf87c996299207f3e862fef83411e5ec34e0846ce71
MD5 hash: 24ba387def3000f1b07b3cc3c90fdefb
MIME type:application/zip
Signature Quakbot
File name:resemblance.tmp
File size:707'584 bytes
SHA256 hash: 8ca16991684f7384c12b6622b8d1bcd23bc27f186f499c2059770ddd3031f274
MD5 hash: 0cffee80be59c6316a7132446b0da699
MIME type:application/x-dosexec
Signature Quakbot
File name:403
File size:6'475 bytes
SHA256 hash: 4638a90fd7a4d72e886daf44f7bc86e5efcc08ea455372b19baeb34ec08fccbb
MD5 hash: abb6939ebbad35411249c470515243fd
MIME type:application/gzip
Signature Quakbot
File name:249
File size:12'162 bytes
SHA256 hash: 90be019b29b9b414c06ad26160d6c7f4b4f5d4f7f87779867db7d9bcd2090bd7
MD5 hash: a99e0b3ef0f025a9d3c6412032d0c1e7
MIME type:image/png
Signature Quakbot
File name:406
File size:4'213 bytes
SHA256 hash: 031593eae9e111b1d3ef442d98d49e5fbc68156d0492c9005e4c5cbd657ae45c
MD5 hash: 709e854c3fd0c4abd50e6007c18fad45
MIME type:application/gzip
Signature Quakbot
File name:247
File size:402 bytes
SHA256 hash: 5c35047b777eaa14b8023955626e9179776463407b30309065c7687558e6023b
MD5 hash: 16a04935b05532f2afac6e3550b93cec
MIME type:image/png
Signature Quakbot
File name:128
File size:10 bytes
SHA256 hash: 5da519d7d19cb0604282f08bb5b0be1b939d07bf0eeb9495801eac6b54360460
MD5 hash: 15cc7be0aaf63828bbffa9b1b551aca9
MIME type:application/octet-stream
Signature Quakbot
File name:408
File size:4'463 bytes
SHA256 hash: de81c1752d7483b6c533399f8b5b0ec80d2b80627cfb5108a4f97c598cbcf32a
MD5 hash: e8f722b9d7aba6088eba658ffd2d9061
MIME type:application/gzip
Signature Quakbot
File name:399
File size:7'312 bytes
SHA256 hash: 6ad940732a4749db7991465c91dfd457dd3cf7bd210577a506119d2f4ec2d0e0
MD5 hash: 6178cacafc6ec0748ccea1c51b73508e
MIME type:image/svg+xml
Signature Quakbot
File name:data.txt
File size:4 bytes
SHA256 hash: d8fe2b17e090515cc50d18b20ccd07f427d793819f45c95b93301968895c59d6
MD5 hash: d5aa073a3b23d7c09b6dd85845fe043c
MIME type:text/plain
Signature Quakbot
File name:405
File size:2'827 bytes
SHA256 hash: 16ec80542c90a47a97dd92cdb6ebc11a9f45bf1b720f9f29eda4708da210e2ff
MD5 hash: 1b4b1eecef6c5e5747a7b829a9594ae7
MIME type:application/gzip
Signature Quakbot
File name:246
File size:9'751 bytes
SHA256 hash: 36fb53eb6767cda9ccb29bc187e1dbc056e585870d8d46596c72ce09c7c1f5b4
MD5 hash: fee9c8a0933a8c2347f1ec4fa978922e
MIME type:text/xml
Signature Quakbot
File name:250
File size:901 bytes
SHA256 hash: fe0c6fb861103e9a32d7921e860935c67770e5697fc5113171775bfa3a313edb
MD5 hash: 5bed52e7681e2aeb37691118d05301ab
MIME type:image/png
Signature Quakbot
File name:248
File size:188 bytes
SHA256 hash: b37ce48fd1718171dad0de6ad0d37224f4f8b408afcd40a1933312ea10193be5
MD5 hash: 8a6074acff71097c868bd8f82329b850
MIME type:image/png
Signature Quakbot
File name:2
File size:381 bytes
SHA256 hash: 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
MD5 hash: 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
MIME type:text/xml
Signature Quakbot
File name:401
File size:5'505 bytes
SHA256 hash: 623b3edd04dd9b432bdf3a8ef31491a811403e337dba73bd6acb0220e7c6ed83
MD5 hash: 3e7090451554d346ecde44f5d93b2efa
MIME type:application/gzip
Signature Quakbot
File name:opinionate.txt
File size:87'900 bytes
SHA256 hash: 3f13d66ea43ead0a8f0c5233806605abf1d6a37aa27ba8b61d4a3ca9f499911d
MD5 hash: fe66eb2c982ac8755c31017f2b63ce0d
MIME type:text/plain
Signature Quakbot
File name:402
File size:4'087 bytes
SHA256 hash: 5fb4a35d1821b412f2fd253320628790b2e8f00f1ecb151f1cdd4e4d7e34045e
MD5 hash: bfc6e5c0f082542f5dfa111303dab7ed
MIME type:application/gzip
Signature Quakbot
File name:WW.js
File size:9'767 bytes
SHA256 hash: c5df8f8328103380943d8ead5345ca9fe8a9d495634db53cf9ea3266e353a3b1
MD5 hash: 7805b0885e64e4ab56bbee1e7a42db0b
MIME type:text/plain
Signature Quakbot

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:cobalt_strike_tmp01925d3f
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:PassProtected_ZIP_ISO_file
Author:_jc
Description:Detects container formats commonly smuggled through password-protected zips
Rule name:QakBot
Author:kevoreilly
Description:QakBot Payload
Rule name:unpacked_qbot
Description:Detects unpacked or memory-dumped QBot samples
Rule name:win_qakbot_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.qakbot.
Rule name:win_qakbot_malped
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.qakbot.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
