MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f9bfaa147313115297b1253aa4553197d8513debf097d85682a63f2ad2a32d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f9bfaa147313115297b1253aa4553197d8513debf097d85682a63f2ad2a32d1
SHA3-384 hash: debd6d52f12fd3ced105bc286024933cac7d6af8191092d01c310157af7364166b9925f5d7dedb64e49e51ff2d3fdec3
SHA1 hash: 1c49a3aae8219e386001be5a4cbe71c6edc0953d
MD5 hash: 81aa7763e5e6b0b8b45a1f2314d56613
humanhash: rugby-queen-lithium-quiet
File name:2020-06-08-initial-EXE-for-Qakbot-spx135.bin
Download: download sample
File size:1'191'440 bytes
First seen:2020-06-10 10:57:05 UTC
Last seen:2020-06-10 11:56:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash df4edf115738191829dd8f6effce64e3 (1 x Quakbot)
ssdeep 12288:JrK3pyiZP0yh4loxeCAZFfO1WMJ9e2HUS4z3C4K:52pyiZfaox2zkWM2eV4A
Threatray 419 similar samples on MalwareBazaar
TLSH C345E175FC6B960AC1B70CB2C5F22C676F67AFB4147F1A8993821C271DA28631D10D9B
Reporter JAMESWT_WT

Code Signing Certificate

Organisation:HGWEOMXHYMDEHZQPAY
Issuer:HGWEOMXHYMDEHZQPAY
Algorithm:sha1WithRSA
Valid from:Jun 6 10:06:17 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: 6E49A7E1876A14BB4344FE20A34EA72C
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 92C995BBC96F47A0BCA39DA00B774101291619368FF16C71F893920397A4044B
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Agent.ESAJ.11590.22944.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 08:03:21 UTC
File Type:
PE (Exe)
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
013592351d28519fce674800c4e70e06ecf571ab0930c1d5bac03372010198ae
035d19d24120abe31bdf98122f3e329b15e57307a2262acc46a3b8426b8445ad
0e5372fd7ae262365e2be6438a14b3e2b5b72424580d53ae96ae347936df03c4
1bd86c8cb7a882ae71e0a7619369815b4518c1d1101cde74ac00f869a4035541
271af3d935212d2f2efe62775f20ccda94a12ce1a60f5c18a78e90b16e4f9f67
751e5ac7adada8cfff8723134e59fccfe02b1f948a43d569b698104c3b03a5e7
7a35e95b5c5ad0c2ca40f25acd09a0ca481254bf034ff198777ad1abd071d809
915c3441f6637976dfe4c25a115911d8ec6cea3c0eb8f6d4c89daf8a33be58e2
a5e45cc4c8c85b23bb9778543aef8894a3c92b623e7d09384c7afda35a9939fe
faf8184aa2a041106b6db4e567716ef5327df36371e5044b1c3818c1ac4d0466
+ 409 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
cryptone packer
Link:
https://tria.ge/reports/201109-qvr7wk23nn/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments