MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 148a731c526267d9dad3c578fdc69643843f778fce255df979b3374e66b5930b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 5



SHA256 hash: 148a731c526267d9dad3c578fdc69643843f778fce255df979b3374e66b5930b
SHA3-384 hash: 9d808d89f254f3ad539d0f781c4de711819cbbfebe1203460ecb105d88c84fee6296590d181d5c59aad0ac3365b4d1b5
SHA1 hash: 37d2f20c824329448850a29060243169ff537120
MD5 hash: 4ea8ec6ac418724695a4eae6b66a4d29
humanhash: magazine-harry-aspen-wisconsin
File name: 4ea8ec6ac418724695a4eae6b66a4d29.exe
Signature: Quakbot
File size: 1'096'144 bytes
First seen: 2020-11-19 06:05:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0083432109e4f3dbcd0b0dcb5497f37d (1 x Quakbot)
ssdeep: 12288:RY/1nYB9CdVkWpb/2CNYBtp+fp5jL6ERIs:RYqB96GsSnB3spF6Er
TLSH: 6C35016A0C169F32D7FD193566E2D8227838768CA71B08B3778D1270B423C6D2756F9B
Reporter: abuse_ch
Tags: exe Qakbot qbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 158
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-19 06:06:06 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 148a731c526267d9dad3c578fdc69643843f778fce255df979b3374e66b5930b
MD5 hash: 4ea8ec6ac418724695a4eae6b66a4d29
SHA1 hash: 37d2f20c824329448850a29060243169ff537120
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Executable exe 148a731c526267d9dad3c578fdc69643843f778fce255df979b3374e66b5930b

(this sample)

  
Delivery method
Distributed via web download
