MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2794656a18cb7899441cf3ed7678b282fc49a736b0dac62e304f185a13d3fe3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2794656a18cb7899441cf3ed7678b282fc49a736b0dac62e304f185a13d3fe3e
SHA3-384 hash: bedd1cf0509b14623a80c61e661ccbfc94e2e007e7f1fb34648712bcf3ca590ad5ec6b9a2a7f01aaa296295f88d79418
SHA1 hash: 9c3850a3953d374ef1d128b1dad18abdaa81f165
MD5 hash: 0b363a95db75910a32d550e041d73355
humanhash: missouri-leopard-oranges-eleven
File name:SecuriteInfo.com.Mal.EncPk-APV.24008.31893
Download: download sample
File size:573'968 bytes
First seen:2020-08-04 22:29:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab3ea6147cf30c3045e45f2bd2d3ac0e (8 x Quakbot)
ssdeep 12288:btEMUvHKtJ+X6tkXbcv28rAqTVc2xrWy8pd:JEEtJqw+8rAUVcarWywd
Threatray 409 similar samples on MalwareBazaar
TLSH 83C4E0147E311EF3D42209735DB3D231EA5D1C28A29584002FB4F66E3B36EAA5BC7D91
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Mal.EncPk-APV.24008.31893.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/410012
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2794656a18cb7899441cf3ed7678b282fc49a736b0dac62e304f185a13d3fe3e/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 22:31:05 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00b6ac9409a35efd54cd1cfeade841d0be7f223364c0ae16ef2188bf06a4bb15
09c69b44ebee61c28b98a3d0df77fd22026da5a355e851f95164797537703521
39093e13c719696d510f790d601e904f7bdefa23f5bf1840bcd89496d972a4fc
3cd034c889355d26c1d1b07ef9dedfb57bc4842bdc083fc5d9fc165d27b49319
652bb2096d56a3b060aa8647c7e5df367df5e126e88fc563ae79019ea430310e
6776f02bc6b2e01ae7e68d89438cc4f96d8cbb5b8268583a02f1c959ff5c330e
8c622a97fff3ca6668bef65dcbb0798c9e933317424f10d0f20b21b86f20d89c
a5a2de145e0dd369a8e1059d3530d89a366b494c8c1246f454f0b7eed6cfef82
b2e312a2690d59a2c3ad0520e0e60dd046fc66e039a0c24baf349e959e87b006
d26f7e7cee5db195c9509b1d5824b03e3fd74fa60b164a96be20300597d51c7e
+ 399 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200804-lk8qbypld6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Runs ping.exe
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2794656a18cb7899441cf3ed7678b282fc49a736b0dac62e304f185a13d3fe3e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/38922/

Comments