MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b8eb8d6cfc169a994f3cf64d13c519969796e67fcfc8d677c159c3f51098603. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuakBot

Vendor detections: 7

SHA256 hash: 2b8eb8d6cfc169a994f3cf64d13c519969796e67fcfc8d677c159c3f51098603
SHA3-384 hash: 9236d86192856edc8e8042364f0231dc8cc3642d19e72cbb35d9907e9e6cb8f52907532d457fd4631baf7ca7abd2abc7
SHA1 hash: d09b0c9dfffb4f6ad19809b7a4c5b1818f048657
MD5 hash: b79b19a490f9a741f52dea29e6ab409a
humanhash: angel-utah-whiskey-blossom
File name: 2b8eb8d6cfc169a994f3cf64d13c519969796e67fcfc8d677c159c3f51098603
Signature: QuakBot
File size: 256'528 bytes
First seen: 2020-11-05 22:01:11 UTC
Last seen: 2020-11-05 22:02:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 6144:cy5RbM/fsmoLYZj9qWCOWhcXF8rqeEaQDAA:cCRQOY7qWCdh68rqeEaQDL
TLSH: 3744D08293D8C145F4376E76833EC3670966BD98A5239BDEC9C0B3985F3C8266B13725
Reporter: seifreed
Tags: Quakbot

Intelligence

File Origin
# of uploads: 2
# of downloads: 53
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file

Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-10-31 08:59:50 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: 9c3e76dcbbe965742540e2997f8c3aa104c5a8c292e381af5258bafefca26359
MD5 hash: 8c3dcf86afb6dcfa6364bd705068a54c
SHA1 hash: 7be416eb1c642330b1356db914bd585d377bda18
Detections: win_qakbot_g0 win_qakbot_auto

SHA256 hash: 408c6261d3fe607be9533196651bfc481fd9cdf6ca53e67ab555a1cd584b5fd2
MD5 hash: 64bdd45abf6db36b5ab2aaf210fc2de5
SHA1 hash: e2c56be94728a17db37fe6d1699d2d53e3720e6a
Detections: win_qakbot_auto

Parent samples:
SHA256 hash: 2b8eb8d6cfc169a994f3cf64d13c519969796e67fcfc8d677c159c3f51098603
MD5 hash: b79b19a490f9a741f52dea29e6ab409a
SHA1 hash: d09b0c9dfffb4f6ad19809b7a4c5b1818f048657
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments