MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 256198016ae5ea450648d8a8786820e44099a79e967d8a7d0bbf92381084ec93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 5



SHA256 hash: 256198016ae5ea450648d8a8786820e44099a79e967d8a7d0bbf92381084ec93
SHA3-384 hash: b6b8872fbe1989955ac082bd0778102f472600463e309522059365c5aee0b37a14550c1145d76573e1439dd9a59fab3c
SHA1 hash: 86424ef9d9f9b578ee6a25cc214861bb40bd9efa
MD5 hash: 52e2457ec22a480190a39decc7ec4db1
humanhash: yellow-vegan-yankee-william
File name: SecuriteInfo.com.Trojan.Inject3.39661.30766.10087
Signature: Quakbot
File size: 2'093'568 bytes
First seen: 2020-05-07 21:42:36 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9682eab8b5bf2987119d6d40fd971332 (7 x Quakbot)
ssdeep: 6144:H77TbPD1Dj5YOQF2qTdGJ5zD7TZo6x87KT8Hb79lWrfhrYD1rS:H77HP5Djd+TOzD7dxI9G
Threatray: 418 similar samples on MalwareBazaar
TLSH: 55A58B113DA8E515C45B163BD912C6182E286C1BA9E4450A32B3733DFA3FF67D89CB36
Reporter: SecuriteInfoCom
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Qbot
Status: Malicious
First seen: 2020-05-07 22:35:22 UTC
File Type: PE (Exe)
Extracted files: 81
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments