MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05dfe375882ae3bdc369364183fec96c138cfc88f39083ffef774a73bcd60d9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05dfe375882ae3bdc369364183fec96c138cfc88f39083ffef774a73bcd60d9a
SHA3-384 hash: a9008342140890c064e375ce5c9b707a27423e6589b05246c26f9089cf7aa0bfcb74a0c1971ea15217b3adfec3741c26
SHA1 hash: bfa4b94ee5cf1f73e58c189aef5f1df00e2b1893
MD5 hash: 3e923f31dee89549e91d0308ea01fceb
humanhash: pizza-angel-white-helium
File name:SecuriteInfo.com.Trojan.Inject3.36726.27443.7132
Download: download sample
Signature Quakbot
Create hunting rule
File size:1'933'488 bytes
First seen:2020-03-27 11:32:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9ee4ed01bfe13d806c541c96307484aa (12 x Quakbot)
ssdeep 6144:n/JeE4Pgr8zR7vgIgFYfx7l+fOMBKAwF5k91YEB:n/QYr8zR7IIgSfBl+3K55oYe
Threatray 400 similar samples on MalwareBazaar
TLSH 6B95E0F1093ECDCAED683A7C7254319828662E6D5FAC102D3B90C30D53AF1D25B675AE
Reporter SecuriteInfoCom
Tags:Quakbot

Code Signing Certificate

Organisation:LGESEQEGSXZAQNNUWA
Issuer:LGESEQEGSXZAQNNUWA
Algorithm:sha1WithRSA
Valid from:Mar 22 09:46:13 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: 2DA3DA2622DB9385478FA24E7403ADD4
Intelligence: 12 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: B9EF497FCB4B3B7C58A429E638E5DF77503C102A0C1382C9064A69D7A27B1366
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Qakbot-7641289-0
Create hunting rule

Win.Packed.Qakbot-7641290-0
Create hunting rule

Win.Dropper.Qakbot-7641291-0
Create hunting rule

Win.Dropper.Qakbot-7641367-0
Create hunting rule

Win.Dropper.Qakbot-7646363-0
Create hunting rule

Win.Dropper.Qakbot-7684636-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Qbot
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 11:35:30 UTC
File Type:
PE (Exe)
AV detection:
29 of 31 (93.55%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
00b59eade19545477c3155bc27f7b24c5dbfc2ae7469e9c56d8225d45f794679
Quakbot
191465daa926443b52e0ac1a5364c608c5adc54cdb8bac976e4b5938eeffd39c
Quakbot
45c2fcb5d1745df23fe1d235ca891158c85b5888bc5883e05a4a27ddadcde46e
Quakbot
60abb8176e0ea3f2f85fa12a931f61930e052110de2d5aef79c390d96f841f2f
Quakbot
7a67299805556f9cd973fc12c8a6baef293e8413ed035165a04394ec67c2cf4f
Quakbot
8d694c37617e5fd8daa8e445f74336486b5b408bf3c594b7070652ce9d11a33b
Quakbot
9305e5d027f97d6b30532a66de06b10c0d5a8b7cc9bdfe8b0bafaa5cff5bbc6b
Quakbot
e487ee74b25e8132ce00d0dc0d36f4314ef1c228762461136f65f6fb1814cd9b
Quakbot
f100cf6f88a1af42e3c6017e4bb70414214f81116504632f09686dc9188bca97
Quakbot
f37c950e329c221ccb6d9184d39e73e0b56924bec963e20766148b630dea93ac
Quakbot
+ 390 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteEx
SHELL32.dll::ShellExecuteW
SHELL32.dll::SHFileOperationW
SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_APICan Create Process and ThreadsSHELL32.dll::SHCreateProcessAsUserW
KERNEL32.dll::CreateProcessW
KERNEL32.dll::OpenProcess
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetDiskFreeSpaceW
SHELL32.dll::SHGetDiskFreeSpaceA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
SHLWAPI.dll::PathRemoveFileSpecW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyA
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExA
ADVAPI32.dll::RegQueryValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuW
USER32.dll::EmptyClipboard
USER32.dll::FindWindowExW
USER32.dll::OpenClipboard
USER32.dll::PeekMessageW
USER32.dll::CreateWindowExW

Comments