MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26c106b25d01fae3d0b94af6286d755175af9cf28b99c0b4453548ac375ce890. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 8



SHA256 hash: 26c106b25d01fae3d0b94af6286d755175af9cf28b99c0b4453548ac375ce890
SHA3-384 hash: 40c9f0142174be96f9de4939c54c9bbae4f3895a9c2e9d318ad8f275b66c2f2a6a67ddf1d710b371d39600364d8a2f6e
SHA1 hash: 411b72125755afae13c800bd5c25167842399c2c
MD5 hash: 03c8f3a685bf1a5796108065d7254cb6
humanhash: black-purple-spring-may
File name: 26c106b25d01fae3d0b94af6286d755175af9cf28b99c0b4453548ac375ce890
Signature QuakBot
File size: 1'084'416 bytes
First seen: 2020-11-15 23:14:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:fRDPwH7kko2IARD83dtkFICdy2MsGNbDZRZ31EybEgfdfktjKk3GInR+HlZzmf6s:fRavo2hOHxn2MO2uK+fUhulLhJ9FCe
Threatray 1'584 similar samples on MalwareBazaar
TLSH 373522D7F9BC8471CAED297F8993123C968A85E85D05D10B0778A5ADBDF3200FE9244B
Reporter seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a process with a hidden window
Sending a UDP request
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-15 23:17:47 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: 26c106b25d01fae3d0b94af6286d755175af9cf28b99c0b4453548ac375ce890
MD5 hash: 03c8f3a685bf1a5796108065d7254cb6
SHA1 hash: 411b72125755afae13c800bd5c25167842399c2c

SHA256 hash: 20f5194643a00a78cf194faf66d8bcfee937be791b24cbaa2651d32fc87038dd
MD5 hash: f272927be747186e6a2924a9db05399c
SHA1 hash: 0e47210734d446929e25ce901ddd5f4f9d945547
Detections: win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
