MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31fab81e147c18646273b5ae04cefbccfab355800e6b247de513cb494e0cfd26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuakBot

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	31fab81e147c18646273b5ae04cefbccfab355800e6b247de513cb494e0cfd26
SHA3-384 hash:	f41da8750add6ce4dc644f035cd94ff02e4d4001efdbcf7a265dcb9b35dbea03c607bd7c7fb1a2553aa9e6dba7f1988e
SHA1 hash:	ec7454a0e824a4396119f454a13333e26744c442
MD5 hash:	c23d679d5d2be5be83719e676b001339
humanhash:	lima-winter-nuts-victor
File name:	31fab81e147c18646273b5ae04cefbccfab355800e6b247de513cb494e0cfd26
Download:	download sample
Signature	QuakBot Create hunting rule
File size:	1'065'536 bytes
First seen:	2020-11-05 22:25:48 UTC
Last seen:	2020-11-05 23:50:13 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	82c23e1ee79c35a4b779a3040d232a07 (54 x QuakBot)
ssdeep	3072:tU2P4gYgzuBeXRTZnDNNlJ06KEzGZV8uv793SVHrgCuo2zh2kB3dCrMOr3HhYvgM:tJ2gzwETZnl1Kj0sSwo2zzOxmvgVqd
TLSH	CC35D0D0E3A07C09E5673AB18771C7710C797C6B8170EA9F547A331AE5B32016B92B6B
Reporter	seifreed
Tags:	Quakbot

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

QakBot

Link:

https://www.capesandbox.com/analysis/85238/

Detection(s):

SecuriteInfo.com.Trojan.QakBot.11.27468.25594.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a process with a hidden window

Creating a file in the Windows subdirectories

Creating a file in the %AppData% subdirectories

Creating a process from a recently created file

Launching a process

Creating a window

Unauthorized injection to a system process

Enabling autorun by creating a file

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/31fab81e147c18646273b5ae04cefbccfab355800e6b247de513cb494e0cfd26/

Threat name:

Win32.Trojan.PinkSbot

Status:

Malicious

First seen:

2020-10-29 15:31:17 UTC

AV detection:

36 of 48 (75.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=gh5lqhqupqmgiyttwwxajtx3zt5lgvmabzvsi7pfcpfustqm7uta._file

Result

Malware family:

qakbot

Score:

10/10

Tags:

family:qakbot banker stealer trojan

Link:

https://tria.ge/reports/201105-3ncr936kxx/

Behaviour

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Qakbot/Qbot

Unpacked files

SH256 hash:

bf6f3e04249cf4a34f7556636c679ff1c78e2414fd37868eef6d100cb7282fae

MD5 hash:

df598a3910b9f05031cdf890b7f46d13

SHA1 hash:

0cf9d9322c4f984cbf917b6e58afde58721f6ff7

Detections:

win_qakbot_auto

Link:

https://www.unpac.me/results/29fa396a-3e22-4210-b620-6a769dd44e50/

Parent samples :

c1f8229843775292493bd216fab958d931724b05118e11ff31b88701a60f481e
2dc8c6d4a258da90c8264ed93eea388c46f2e0206604a62d1325ed0c80eae78d
9d3d2f050b18db0f64de13e177451eafe444a0efae7ca187a8e19fada9bab69a
3ad143fe091e2398207ac89ed82cc31f5bee574def93abd938e001b35898fbbc
aaa0da1c0fb9454c515f728a3f1f96522acbec7e19af77d4b29dbcb429989b06
664772bd38ffaf9acb17b9485747ba706d7ddf1d8374f8fd6594251d1df85be9
9f90bdf9ba391e45d111d84c6f59f074410928c306feef877ee9e1a2e0668f16
0d933e515644aa66a7966a9b130c0dfea79387519ffece98c9b532beb465c0f6
27d5472270d1f4e22dec38a609bd1ba13da98f0402da00854356a434dd35e9f7
e55c191f081d06d46846f73db4d847c3a08da2a517b70ee119f2586c308ebd1d
d3d383c69c158752996ccacaa56ddbdb43622ae9c09881a5748619127081550d
235568c5852d8e14ba67dc20a3ec55ea149102a31e91de23e9a0195694b4a023
e7f59c4c54d50daafd2a75a679887f45353de0ffec9b01bebdb3c07bf99ee648
2bdf1c126de8c061c5f06b07848f4a8cd739d65775b15523689d3640c5782cbe
0c2785c84f3b4698ce6b2b45293c04b108d89c224d65aac5fe17a41aeaa3370b
6d591e0b8cadc9b48c8dd2d10b71d5ef71807c2a209d00dbebbc92ee86d5c3b3
1dbca928e5e4c046ed38226be564a4f9d42954105d59fa5e126d9027fe0071e8
31fab81e147c18646273b5ae04cefbccfab355800e6b247de513cb494e0cfd26
a1797622ac302556748e768a266c38a661c64fa4dc5644c5b671e075f6d60b07
ff04c2946ed2b1a35e2df86e483046e7789c89d024fb1bfed62aa008ff83801d
b91a1b6bebb18aeb5f8be1f1d68041b370de1c5e081786f283698932ed6ae1af
608eb9fb00e7ca6e5e892af6ef0186c1bcd21238284e7dfe217e178b1dcc9a26
c7d441730268513a93810fb4249f534259fd9d330ea7605ffc6c6b20ff528a73
4501f4605ab99f013c75de4c2ee39bba7632479ab28733de38bc5c7ad78dfac0
e3a9d373d1b1702563c2d233f45ecd5a6c04af88bb950b5d273ac75374c1b4d6
308c0bc34011d739fe7546bbef874c6267e77a7e1bea698380bd9602971e00b8
bc42b5ac4bd1c089c3db960be4011cb25e170573236444df0e6861eab87b4243
676c897d933e6d0123b54f1be67690aa7a02a93622a29bc77e2cfc0d34ade3bd
39aece13ac26b4bbe6fda8a7338482f28bede5d089dfb5ab0d0e3803d878d36d
0b759c4168882c3fdf101507c2a5cb246244f792eb478b5a5195433a0a8eae69

SH256 hash:

4b745ae9f0096e8ace0e3aecf6e7e01cebb5c175a98b6ddc0d9ccd67abd92794

MD5 hash:

3c545e2c4dc89966195ce2f78cca2e09

SHA1 hash:

e9a387c32684e5fe201129b0e7d008895181e23b

Detections:

win_qakbot_g0

win_qakbot_auto

Link:

https://www.unpac.me/results/29fa396a-3e22-4210-b620-6a769dd44e50/

SH256 hash:

31fab81e147c18646273b5ae04cefbccfab355800e6b247de513cb494e0cfd26

MD5 hash:

c23d679d5d2be5be83719e676b001339

SHA1 hash:

ec7454a0e824a4396119f454a13333e26744c442

Link:

https://www.unpac.me/results/29fa396a-3e22-4210-b620-6a769dd44e50/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/718638/

Cape

https://www.capesandbox.com/analysis/85238/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample