MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e7650d1d701d1ecbe80d3067e55978d1986f3165046b4c726a1c7baf91cf7ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e7650d1d701d1ecbe80d3067e55978d1986f3165046b4c726a1c7baf91cf7ac
SHA3-384 hash: 7d8d9915980e09660c0aaf0a7101520b364da11f8dcfb7d166712894a2e832ef69809802b37599ec8dfad2c4ce9e9d13
SHA1 hash: a220c20c9a09a613ea26bfb645265aa099434170
MD5 hash: f58cf93a2c69f062932d9a27380edd09
humanhash: delta-ten-carbon-fillet
File name:SecuriteInfo.com.Trojan.Inject3.40354.24053.3023
Download: download sample
Signature Quakbot
Create hunting rule
File size:762'368 bytes
First seen:2020-05-22 05:41:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f775e5f2c7122a9f4550feacec30f2d0 (8 x Quakbot)
ssdeep 12288:OgU3965wVaFgq6LuM+0D2PNEtuvxNIGeperLIX:4kFgdnUVE1HerLI
Threatray 420 similar samples on MalwareBazaar
TLSH CCF47A0BEA3F4367DCC68A31DDBDB53A411A6CBBD23693067100FE9E9AF225115D62C1
Reporter SecuriteInfoCom
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.40354.24053.3023.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Qbot
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 06:35:34 UTC
File Type:
PE (Exe)
Extracted files:
110
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0c63faba52a07b325662821bd818f9a2f86e927ee9563c86ee832cb133d431b6
Quakbot
1b9837894612fe0677486e6d2511db13dd52889a5c325ab62895916c8d839e2e
Quakbot
30294b7042b6e94b7ac7d2f6641b89017ace586f42143b3b61e4286e2c6e7af8
Quakbot
6833103ea9ce11c1a8deece38363ed984b60d736c9bf23f64fbb9ff9b8e6a8dc
Quakbot
7ec71cc6ad5841a4db6a15705ba7a68fc2c888426d3a0b56ac96f1c87bbdcdd9
Quakbot
9227048434aa9c943cce1d581e833a8c514f4e912722df425526673319de7317
Quakbot
b2935d876e7a339dcc29fb22cacd5052472a531b5d56f4c718ef70db298d9ef2
Quakbot
bf628980bb2c7ea76200a6eafd944db79f9aea0ac0bceeb3baef1e589ffc275d
Quakbot
da97d22eb7016e9daa46962d9c6eb47d9227ad534a996531b793cd00f71b36a0
Quakbot
f9fb6ebe75834c2f22cef8ae63a568a7e1ac7c94b18fa8441ff5fe03e4e45db9
Quakbot
+ 410 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hznrsv97hn/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_qakbot_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments