MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 100ecb0548437822834fce5bd2cfd4eb40c22e90cb2fd013d77d967c7a13054a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuakBot

Vendor detections: 6

SHA256 hash: 100ecb0548437822834fce5bd2cfd4eb40c22e90cb2fd013d77d967c7a13054a
SHA3-384 hash: b72d87d6c13075aa840e5b650e881d3a3ce8cafdff89a2ecc0b1daa42ee15b6b50508d366e63351c34570f9aad7e6cb8
SHA1 hash: 8f42b77a7c9a33ac3275943c7c502cb406d9aed4
MD5 hash: 622a1083ec23b07f7b3e2a9e412cc08b
humanhash: maine-lithium-bulldog-iowa
File name: 100ecb0548437822834fce5bd2cfd4eb40c22e90cb2fd013d77d967c7a13054a
Signature: QuakBot
File size: 348'112 bytes
First seen: 2020-11-11 11:07:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4833859d9df0e403c253c8a799426c16 (47 x QuakBot)
ssdeep: 6144:Cmrao/6vdwjie1qCOYFpXD36g3pPnx5b9XP0+Bha//M:Cmrao/6e2eQxopr3pPnt8akM
TLSH: 8B74E06EDF278990E2613BF642C60BE94D33B8A93132561A4DC616472DEE3DC3D13798
Reporter: seifreed
Tags: Quakbot

Intelligence

File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-11 11:08:51 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: 100ecb0548437822834fce5bd2cfd4eb40c22e90cb2fd013d77d967c7a13054a
MD5 hash: 622a1083ec23b07f7b3e2a9e412cc08b
SHA1 hash: 8f42b77a7c9a33ac3275943c7c502cb406d9aed4

SHA256 hash: 22f6da10969678ebcf6d9c582ad079cea58bd982322c894cb66e8223157b0bf3
MD5 hash: 1d7d44ba20faf11673e143436365786e
SHA1 hash: 65652f79e7c59184a621e43a4751a3a02f35dd21
Detections: win_qakbot_g0 win_qakbot_auto

SHA256 hash: 47a802bccfab2ec23561d8adeb886bc938c91b765af77cd4e3ed25d9cf3a751b
MD5 hash: 62f6306ade36542ad204147a63cab80b
SHA1 hash: 04a826c06c5dd996b0556be01ce89ee230c2e089
Detections: win_qakbot_auto
Parent samples:

Note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments