MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 006924d99c0d423e464f5b8d0f594550d96b5d312549d1debe709a5298faf4aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 006924d99c0d423e464f5b8d0f594550d96b5d312549d1debe709a5298faf4aa
SHA3-384 hash: a2f5b94f8c6dc5d3ea5bf44164544ac87902a1e142ab90f1703c7d6d90964d12499d1cae1376de6ed47dcef8e68df1a9
SHA1 hash: c00a2e0422c16284a82aa8d349c4a04cb26aea8c
MD5 hash: 8462e4ec06e35aaee40cf41b3507ed79
humanhash: lima-nineteen-rugby-edward
File name:imtaykad.bin
Download: download sample
Signature Quakbot
Create hunting rule
File size:1'144'848 bytes
First seen:2020-06-16 14:31:28 UTC
Last seen:2020-06-16 16:05:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a73e81590e871f99f277a08cb7003648 (1 x Quakbot)
ssdeep 12288:OD8HwlQD2UML/axdZPXGKE9WXvO0RVMFnYkfgn6ggKA/cm9:OD8Hh2UM7HKEQzRGGkfg93ob
Threatray 424 similar samples on MalwareBazaar
TLSH 7535F12BB890464FC565C8B684F181F129A9EFFE423A704F1DB075A69CE2FD64C41C9B
Reporter JAMESWT_WT
Tags:Qakbot Quakbot

Code Signing Certificate

Organisation:XYXLIJAWWFYCNAVMTC
Issuer:XYXLIJAWWFYCNAVMTC
Algorithm:sha1WithRSA
Valid from:Jun 16 08:58:06 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: -3523AD7BCF3A924DB51E0F53B71C5438
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: BBAA52B62E8082E6F58744B77A7F8A446CB487001DBEFF7C8F57956CA1DC63FA
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
225
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/11048/
Detection(s):
SecuriteInfo.com.Troj.Qbot-FS.23460.5388.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 14:33:04 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=abusjwm4bvbd4rsplogq6wkfkdmwwxjreve5dxv6ocnffgh26sva._file
Verdict:
malicious
Similar samples:
053f8d5670c666f54c76fc8f3273ed916b1c323bc1a6c71a13f9f02a4746a061
Quakbot
24f0117431531a4c2b31b595ca84bd1eb8741a80fe891da921b4ed65581ff91a
Quakbot
458f1e9ff95b22691bc8373b9a0829853404f0abbd2151504c030ca028ec15f9
Quakbot
7a35e95b5c5ad0c2ca40f25acd09a0ca481254bf034ff198777ad1abd071d809
Quakbot
974dee1b8ccdad03fcbed6849802dd1d25d3d4c655749fd910733746a1b1f3c2
Quakbot
aec4a8545ebb046d6f354225d51130616b6617b4d71f90f1e206864fb90c982c
Quakbot
ba6ded55cdc59716506edd0454c47192a9401508b121c546b36763b8147182a9
Quakbot
c6f428373659b634d0f0a9f23c7afec8a4bab7ee2161582708e76539631bc708
Quakbot
caf2d5a1f94824ae9f51e8ad1bcd06f57f1ca1c84e14a228593659de6347c9c9
Quakbot
f392fec11d15f4c5ca3f5c340c28e99bd19f99d59422b5598fd818be653502bb
Quakbot
+ 414 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
evasion trojan banker stealer family:qakbot
Link:
https://tria.ge/reports/200624-wvw86adgza/
Behaviour
Suspicious behavior: MapViewOfSection
Runs ping.exe
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Windows security modification
Loads dropped DLL
Executes dropped EXE
Turns off Windows Defender SpyNet reporting
Windows security bypass
Qakbot/Qbot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/11048/

Comments