MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2
SHA3-384 hash: a85fc848128f1a7d26caf9f8d69c386818288bda0cb73c58ee7538c61e6b38ab9d31f28436cba7499133f0f5c3776596
SHA1 hash: 5e1e2d03a1ec7656d7e632f7afa70c500a001653
MD5 hash: 3c2f25592abe967f3c6e9891ddcf08d4
humanhash: mars-burger-sad-early
File name:246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'226'240 bytes
First seen:2020-11-15 22:36:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 65b7e4d2b8f7b3cf1dfc4bed557e0068 (13 x Quakbot)
ssdeep 6144:qQLmlMSY76DEoS5rYU/LPlbuo2YILNkFVZ5VfUllOp2n2FxHot1WL+Lwb5tJR7:5j6AoS5EU/Lp56kBgXOInmNouL+Lwb55
TLSH CF45D10DB737C000D3A62FF605924B98E66FA8E93B2191075BCA670D3DF93E57827589
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-15 22:37:15 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ervb4kydayp6lblwkz5eocqkqqafaljyjzkykzojcjahb73r6gra._file
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201115-cxjhkb5e8j/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2
MD5 hash:
3c2f25592abe967f3c6e9891ddcf08d4
SHA1 hash:
5e1e2d03a1ec7656d7e632f7afa70c500a001653
Link:
https://www.unpac.me/results/3bc95b66-402f-4c04-b994-c1fe1478463a/
SH256 hash:
5cbd3e7016d9bc402f7d8112ed442b4137f50c46f2acdede258c13f448ac656f
MD5 hash:
9573bb535a0efa2a65cd65fbeec23229
SHA1 hash:
a383dbc56bf82518aeb5dfb94c3022f5c2ee41e6
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/3bc95b66-402f-4c04-b994-c1fe1478463a/
Parent samples :
8f34f7308bcf431f2e8cb0b609decc1d59a01283a2e63c423337a8df158352fe
31f3cd8583668c63677e4c201f4648df7d57c0f80159c339e00751a75cf32aad
648433c9260784d21960fad81af3736fb033cfa0e7fb0f55c0404a9ffeb16b9e
7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161
dfae1e916e03a97ddcd5a110077f2f7da196ed7999e1172194681f096bdd2bcf
246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2
b38e8bdea0d0e04a13e3102438f8a68aba9490a4ab633ef93a44c936cbad8e72
SH256 hash:
4edc29614bcb2b5f7aaed2ec9c9fd6598d4ce6e0b4242b6c404e8c05d3320bf8
MD5 hash:
68f4feaf8c828999dd9f7fbcc7442073
SHA1 hash:
43333200307746aadbdcd9099ee0a857a1e099ae
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/3bc95b66-402f-4c04-b994-c1fe1478463a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
qbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments