MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d933e515644aa66a7966a9b130c0dfea79387519ffece98c9b532beb465c0f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 6



SHA256 hash: 0d933e515644aa66a7966a9b130c0dfea79387519ffece98c9b532beb465c0f6
SHA3-384 hash: 7f440210e0ed5fee4bfa6586beb23eec6f2ec44650eaa08d6e90417d74adf2f0cec657d963ac9431cf6b64902085a786
SHA1 hash: b19a6cdf943e9d6d090f98013ec4636800053a89
MD5 hash: 525b9f34e4af69b5bb9b5c2d242ef238
humanhash: dakota-connecticut-stream-blossom
File name: 525b9f34e4af69b5bb9b5c2d242ef238.exe
Signature Quakbot
File size: 1'070'568 bytes
First seen: 2020-10-21 15:36:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 82c23e1ee79c35a4b779a3040d232a07 (54 x QuakBot)
ssdeep 3072:wU2P4gYgzuBeXRTZnDNNlJ06KEzGZV8uv793SVHrgCuo2zh2kB3dCrMOr3HhYvBf:wJ2gzwETZnl1Kj0sSwo2zzOxmvbVqQ
TLSH AA35D0D0E3A07C09E9633AB18771C6710C797C6BC570EA9F147A3316E5B32416B92B6B
Reporter abuse_ch
Tags:exe Qakbot qbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Threat name:
Win32.Backdoor.Quakbot
Status:
Malicious
First seen:
2020-10-21 15:40:40 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
trojan banker stealer family:qakbot
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash:
0d933e515644aa66a7966a9b130c0dfea79387519ffece98c9b532beb465c0f6
MD5 hash:
525b9f34e4af69b5bb9b5c2d242ef238
SHA1 hash:
b19a6cdf943e9d6d090f98013ec4636800053a89
SHA256 hash:
bf6f3e04249cf4a34f7556636c679ff1c78e2414fd37868eef6d100cb7282fae
MD5 hash:
df598a3910b9f05031cdf890b7f46d13
SHA1 hash:
0cf9d9322c4f984cbf917b6e58afde58721f6ff7
Detections:
win_qakbot_auto
Parent samples :
SHA256 hash:
c4cb443c6e6b3bcde20a285c30b8c8826a4d4e756febfb1f946e517be1a66682
MD5 hash:
f975aa490d69a0045cee5ee9fc163973
SHA1 hash:
6fd0a77d463b361548b2475130e1ace6106906c2
Detections:
win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Executable exe 0d933e515644aa66a7966a9b130c0dfea79387519ffece98c9b532beb465c0f6

(this sample)

  
Delivery method
Distributed via web download
