MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2bd6835baeeca8804c86ea0e354b14df98dc102d039b414df7cc6bdde8686c76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 9



SHA256 hash: 2bd6835baeeca8804c86ea0e354b14df98dc102d039b414df7cc6bdde8686c76
SHA3-384 hash: 1560ed96fa3ce12b4a197ab5e9d2f2d946bd52d69e70d984738dff31c0e8de774e83a06774f9b20580437a7c8b9313df
SHA1 hash: 4394d8d5c629a3f8f43bd089a4c09784bc47e567
MD5 hash: c2e3b22d4c80e7970295b4e20a0832c0
humanhash: freddie-nine-victor-blossom
File name: 2bd6835baeeca8804c86ea0e354b14df98dc102d039b414df7cc6bdde8686c76
Signature: QuakBot
File size: 858'624 bytes
First seen: 2020-11-13 15:45:30 UTC
Last seen: 2024-07-24 12:36:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 824e1df26bafdecb4b622783cf1d0684 (157 x Quakbot)
ssdeep: 6144:mI+G5g2u+V7tm+wzphhWTxK+KsO8Jww014qSrOmH7OLrBiMZLjUarECHiV7HTMkO:B5b6tzDKKsf0QOmbGrcsUaFe74h
Threatray: 1'347 similar samples on MalwareBazaar
TLSH: 4F051243F6BCD826C9DC19B9D9770A58A959D49C6D06C11B772C0E6CFCF22F268AB103
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-13 15:51:12 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash:
2bd6835baeeca8804c86ea0e354b14df98dc102d039b414df7cc6bdde8686c76
MD5 hash:
c2e3b22d4c80e7970295b4e20a0832c0
SHA1 hash:
4394d8d5c629a3f8f43bd089a4c09784bc47e567
SHA256 hash:
cea6d85ea3380bbb9f12a75c83f9684e9ea97e508a333302f78b10af59649dfa
MD5 hash:
071dba508541f07c696850a1cceac79b
SHA1 hash:
11e4716a63363ad9e0db8fb96ea8b847d93950f7
Detections:
win_qakbot_auto
Parent samples:
SHA256 hash:
7811546dd1e7d38e141944967e3387ebe1f808c79e198a7f6d9f03b2e4f08ec8
MD5 hash:
376beedd6e4ba7375cc8ad8472b1eebd
SHA1 hash:
2c4871c7f4fa074ffedbe01ffc7cd738650af805
Detections:
win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
