MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b
SHA3-384 hash: 4256fa4d0d6bfd9926455ce9b17eb547d0d62c01ffc9b9b286f171b5931464b5e43292101379117e55ad767d541f24df
SHA1 hash: dcec6218f287709ade8cd9124b89510fd3be353d
MD5 hash: 346beb12538dc518a7b51c6fbff1c64d
humanhash: jupiter-lactose-potato-alaska
File name:056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-14 18:01:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:FZXI98pvn3IARD83dKkFICdy2wsXNbDYgZ31EyNEgfdx0tjKkaGInR+HlZzm56Mh:FZVn3hOoxn2wVqeKP5UhulLhJ9FCe
TLSH 023522D7F9BC8470CAED297F8993123C968A85E85D05D10B4778A5ADBDF3200FE9244B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-14 18:03:28 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=avwsskh3ep6sfhg5xg3zvqee4whdgqgezdskia6oxaorjf2jrevq._file
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201114-pvwwrhvlx2/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
52967f6ba913e7e9d7e4d2fdfa5cae1b60c6eb7043c919f1cb37b44e9470a851
MD5 hash:
10f0b4055e20a263a0b027a3e681c810
SHA1 hash:
110a5bd1db6b78ee9c5ca0c2a74c6d8ee3da6c88
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/3d3fa746-7121-406b-b52a-86697c5c155c/
Parent samples :
acb1a2562d23cd06da04a144712d3a0fbe7a7c37cd7532a2f0986803e44554ce
b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1
056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b
063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa
5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f
SH256 hash:
2be35428014628ef9eed837eac2bc7f3626a854a0f4d3c0f27cece3bbb5ee978
MD5 hash:
46072bf9e9af6d581b8888ab5c00dee3
SHA1 hash:
e617c32f92e726a6e2debf04b273e06a3b5fc78f
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/3d3fa746-7121-406b-b52a-86697c5c155c/
SH256 hash:
056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b
MD5 hash:
346beb12538dc518a7b51c6fbff1c64d
SHA1 hash:
dcec6218f287709ade8cd9124b89510fd3be353d
Link:
https://www.unpac.me/results/3d3fa746-7121-406b-b52a-86697c5c155c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
qbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments