MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa
SHA3-384 hash: 22e580251534618ecaaa4f8183893609a32f48cdbae23c4f460042412121a3a7fc5dbd4f4b666a576d14ce0afb1c8ca1
SHA1 hash: 20d3dd8d5a66993990e8ebc8f93b3c70269fc5de
MD5 hash: 858a139e5d932b981742106ce16b4fe5
humanhash: hamper-twenty-earth-two
File name:063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-14 18:24:57 UTC
Last seen:2020-11-14 19:42:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:OYzvvamrZCIgRD83dfkFICdy2MseNbDuqZ31EyNEgfdJ+tjKk+GInR+HlZzm56Mh:ORKZCBOpxn2MwiIKb5UhulLhJ9FCe
Threatray 1'447 similar samples on MalwareBazaar
TLSH 113512D7F9BC8471CAED297F8993123C968A85E85D05D10B0778A5ADBDF3200FE9244B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.14063.28540.27055.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-14 18:29:29 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ay7ay4nt5xskpwfizuor4nkdfmxdzyf7dx6vrqtg5e7ksg4isx5a._file
Verdict:
malicious
Similar samples:
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
QuakBot
24f828742baaedb176d3dba0bdf3d06682c174a9b46b35bf5d145ee57f2aa643
QuakBot
279c511ba3dd0151e5c969eeb34924fbdb4707d0ccd4d0ac36dc9f63324a7582
QuakBot
36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec
QuakBot
77e8872e2c9a68dceed90a1e59d2805019963759747a1134be407f5bc14ce28b
QuakBot
8d6d8351848925338ce65b442b5bc69872ee467c67e77692645549587eca04d7
QuakBot
9d37a0bbc963f04580d4bf12d15c0938f97a7bd299597c8852b818f519f2bac5
QuakBot
a401e9208a31cca327a31ee872a258b358dbd276304625e461d46f5c656d5723
QuakBot
a5ca536851022178f40b4690db0c5563020c8b6fcaa22f6c3abd876b72dbccfe
QuakBot
d8be99a67635ce711c3d165e4e5ad8aad798bc398c92f8be924b5dec534063f0
QuakBot
+ 1'437 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker persistence stealer trojan
Link:
https://tria.ge/reports/201114-mced54lx1n/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Creates scheduled task(s)
Adds Run key to start application
Qakbot/Qbot
Unpacked files
SH256 hash:
063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa
MD5 hash:
858a139e5d932b981742106ce16b4fe5
SHA1 hash:
20d3dd8d5a66993990e8ebc8f93b3c70269fc5de
Link:
https://www.unpac.me/results/7116a24a-6053-4242-ab0c-323d9dc9bcf7/
SH256 hash:
52967f6ba913e7e9d7e4d2fdfa5cae1b60c6eb7043c919f1cb37b44e9470a851
MD5 hash:
10f0b4055e20a263a0b027a3e681c810
SHA1 hash:
110a5bd1db6b78ee9c5ca0c2a74c6d8ee3da6c88
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/7116a24a-6053-4242-ab0c-323d9dc9bcf7/
Parent samples :
acb1a2562d23cd06da04a144712d3a0fbe7a7c37cd7532a2f0986803e44554ce
b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1
056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b
063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa
5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f
SH256 hash:
c6361e064e8f8d569546e1561b37144cc70b2f249849d1ce673ba5af663ce12d
MD5 hash:
b24b0cc63fbc0bcc6fd097403c94551f
SHA1 hash:
f3d72c9276d5b2b5cb6b87758181197c4a8becc0
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/7116a24a-6053-4242-ab0c-323d9dc9bcf7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.37
Link:
https://yomi.yoroi.company/submissions/063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments