MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03f3d80c2d66e09f1ac8196deed5cec1fe1a9f3501ba3fb48ba2d2820b7f97f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 03f3d80c2d66e09f1ac8196deed5cec1fe1a9f3501ba3fb48ba2d2820b7f97f2
SHA3-384 hash: bed35aa5cc33e9696aede9c0c2fb3238da2fdab512dceba73daaf2bf640dcf0f747bffac27b3521e3c8271d9cbce9f88
SHA1 hash: 1c0debd6bf76ccd2cbccd7773d2d74f88e4f5815
MD5 hash: 928a25c22895bdaac6c20d31191a40b1
humanhash: bacon-montana-low-item
File name:03f3d80c2d66e09f1ac8196deed5cec1fe1a9f3501ba3fb48ba2d2820b7f97f2
Download: download sample
Signature QuakBot
Create hunting rule
File size:258'576 bytes
First seen:2020-11-11 11:04:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 303f89b8f429d52fa9a67ddad2dbfa52 (160 x QuakBot)
ssdeep 6144:6dtJ9rtpMBa72/oytPqb+z0qLivK7WzR7mMK+:6d1rMBgkoytF0qLGK70Rt
Threatray 1'085 similar samples on MalwareBazaar
TLSH 2E44E1C1A7E80184F6EBA2B74477C3103A127C9D693D9B7F1AF5B1EC2931A219D2871D
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.QakBot.11.11733.4101.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/03f3d80c2d66e09f1ac8196deed5cec1fe1a9f3501ba3fb48ba2d2820b7f97f2/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 11:06:21 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=apz5qdbnm3qj6gwidfw65vooyh7bvhzvag5d7neluljiec37s7za._file
Verdict:
malicious
Similar samples:
3ad143fe091e2398207ac89ed82cc31f5bee574def93abd938e001b35898fbbc
QuakBot
4ee716a44f07ac2aa5397b3b6af637c018c52a64abbb0d9ec0669f875b508b0a
QuakBot
5c4243b2a27c731bdbf29375d308252fbf0e071b6ea0bed813b61cfe6926e738
QuakBot
73efa825c8ac05d163d714fa32c9761a7850b3955207690ebacf661cdfb15f9f
QuakBot
7acf54afb2da619579c75936b67be5d13997bce00fca3959696e3956bcf628fb
QuakBot
9f90bdf9ba391e45d111d84c6f59f074410928c306feef877ee9e1a2e0668f16
QuakBot
d1457d2c3473bab86d18d4cf8b4f74647eb6a2cb0979666a30a4f85fe8e23f9d
QuakBot
d4052d07c4e75c4f6be0d88a06fb94ce37091d6b84c3e34c51dff8382a2b2996
QuakBot
d9b5e7443c3d48d18c5da2ce0dbd958cdc6eac082bede6ba35a8531a5a39470e
QuakBot
e55c191f081d06d46846f73db4d847c3a08da2a517b70ee119f2586c308ebd1d
QuakBot
+ 1'075 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201111-a11mzh9tns/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
03f3d80c2d66e09f1ac8196deed5cec1fe1a9f3501ba3fb48ba2d2820b7f97f2
MD5 hash:
928a25c22895bdaac6c20d31191a40b1
SHA1 hash:
1c0debd6bf76ccd2cbccd7773d2d74f88e4f5815
Link:
https://www.unpac.me/results/ca7aa071-60b0-4794-a956-6ab8bd15c533/
SH256 hash:
f7cd55414bb44acec7d77c6d14c9d2faf4c7b08a4910b463938736f2c4bbda0a
MD5 hash:
f704acaa4ecb397e1e41187e3f9d52c8
SHA1 hash:
8db8857018a24f5d51682390f68927f042f6eee4
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/ca7aa071-60b0-4794-a956-6ab8bd15c533/
SH256 hash:
99ea9ddde1f4179037aaf948b0920f6ae80e1e4c738053ebde9be3283c9430de
MD5 hash:
1401d43f02aa09c746340ef704deb891
SHA1 hash:
f60460fbd3358a8a95b39f03919afa389a796d85
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/ca7aa071-60b0-4794-a956-6ab8bd15c533/
Parent samples :
2450297d7ef66a5573ab6450aa5578f7e4c293b809f02cdac7126ad55f0e8549
768cce865f75b519643028d50bcbd2927bd64f8b1fe112faaa8a8f4d39408c2d
03f3d80c2d66e09f1ac8196deed5cec1fe1a9f3501ba3fb48ba2d2820b7f97f2
1b8fe9bfaa3f6ab8be12321c2198bb3ca39c6da867dbb503f5a1a3433d099d05
670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad
4691eecceb853d64d7f30e0e901a9df4f385eaca43c5c441dd7100298fbdca71
674c204e1c5d02db45a5d9b434042b17829fadfb5a91a97dee442fd00d56c34c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments