MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 8



SHA256 hash: 12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
SHA3-384 hash: 53930e584e1ad36f1d165e70cd7f62e0422bf53833235475afe70ab5e1014cd6332402c785f7be1815becb1e44ef056b
SHA1 hash: 8fec9a478e2c7793560f89a68bd9811569e49d2d
MD5 hash: 35883ed847abfc3d985331b1a4e47113
humanhash: rugby-low-fruit-beer
File name: 12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
Signature QuakBot
File size: 1'084'416 bytes
First seen: 2020-11-07 16:44:09 UTC
Last seen: 2020-11-07 16:50:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:vRUyPaA70SIfRD83d3kFICdy20sDNbDJEZ31Ey7Egf9xMtjKk0GInR+HlZzmr6Mh:vR30ScONxn20ec2KprUhulLhJ9FCe
Threatray 788 similar samples on MalwareBazaar
TLSH 3D3522D7F9BC8471CAED297F8993123C968A85E85D05D10B0778A5ADBDF3200FE9244B
Reporter seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.PinkSbot
Status: Malicious
First seen: 2020-11-07 16:46:20 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash:
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
MD5 hash:
35883ed847abfc3d985331b1a4e47113
SHA1 hash:
8fec9a478e2c7793560f89a68bd9811569e49d2d
SHA256 hash:
b2245e70317ec7dcf7eeec79ce69303c70c9e8ce0e735f58be4a3cbd9a1aa32f
MD5 hash:
1cdef31263a0d2d690a3234795b357da
SHA1 hash:
6d9987126a98e89d72cc6ffbdf62065b3a319abe
Detections:
win_qakbot_auto
Parent samples :
SHA256 hash:
2e8d9b7e75bd6ebcfd3352a81929ab2ebb68866418e9ec7fe2596433c17c4c1d
MD5 hash:
5e71a3dbaf79a1cb98b8ef66c96da229
SHA1 hash:
4d695596686196288d29f1b35ece6c74185ac6d4
Detections:
win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
