MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36332a5fe3b04f637b3a281c848df93631b6ffe81a969350a5ec73de4d442831. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36332a5fe3b04f637b3a281c848df93631b6ffe81a969350a5ec73de4d442831
SHA3-384 hash: 05d82223b18071369e948a89f88b76c89b9c0307421d434b6adce1f75f83045bdd7a5fdf32ad0a9e30d5c8dd3411ab20
SHA1 hash: 13731562621c89013f9a4d7bed5fac63b2920446
MD5 hash: b335635e366c4c60592daaf3a7b4203f
humanhash: avocado-princess-three-white
File name:36332a5fe3b04f637b3a281c848df93631b6ffe81a969350a5ec73de4d442831
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-06 11:33:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:KRawthaHqZIMRD83d5kFICdy2cs1NbDEWZ31EylEgf9RItjKkuGInR+HlZzmr6Mh:KR2qZtOzxn2cZ+aKTrUhulLhJ9FCe
Threatray 777 similar samples on MalwareBazaar
TLSH BC3512D7F9BC8471CAED287F89A3523C968589E85D05D10B073869ADBDF3200BE9644B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13628.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/36332a5fe3b04f637b3a281c848df93631b6ffe81a969350a5ec73de4d442831/
Threat name:
Win32.Trojan.QBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-03 01:02:50 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gyzsux7dwbhwg6z2faoijdpzgyy3n77idkljguff5rz54tkefayq._file
Verdict:
malicious
Similar samples:
11c6c84f4c67d7ab23c20984648b03289deca9e39dea861b092e0b5fce747b06
QuakBot
21f679e610da831b5793f874a1c1e10c6fcb66a2816b46ecb9081d0672fcbeb6
QuakBot
3ca3e5b6d16a79254fc3a225630ba6ccce14af026d05a7d07d52035f556c2743
QuakBot
4a4df13254e5f1e62f8ab02703ebc5d96ecb97ab979f7a8e3a80120935a4df9e
QuakBot
73d8eec4558786e302ac9d8d4252a60eebdf4f66eec9925b58d437dbaa5d826e
QuakBot
8f3b20670faef6e2e81e2e679af9397ced5ed3116af03585d7f80986451e9987
QuakBot
96e21a6d02770fdff74ac912154f8c7c7a934d7236360485920c8550fa0050a1
QuakBot
bcd506c83a908de270fd5fbe9ec541c42a6305a542edd9327ad86657656de4b3
QuakBot
cbea93d2d24af4fa47dfa9e359a44452f31bff6d65f194cc720684e48a2c90f5
QuakBot
ce42bacf0b5fc43144e33f10aeb9de744de818f85dc44da62b05e64204c42580
QuakBot
+ 767 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201106-8b54fdtcx6/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
36332a5fe3b04f637b3a281c848df93631b6ffe81a969350a5ec73de4d442831
MD5 hash:
b335635e366c4c60592daaf3a7b4203f
SHA1 hash:
13731562621c89013f9a4d7bed5fac63b2920446
Link:
https://www.unpac.me/results/4055e593-7416-44e9-8a9f-bd194193b6ee/
SH256 hash:
b2245e70317ec7dcf7eeec79ce69303c70c9e8ce0e735f58be4a3cbd9a1aa32f
MD5 hash:
1cdef31263a0d2d690a3234795b357da
SHA1 hash:
6d9987126a98e89d72cc6ffbdf62065b3a319abe
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/4055e593-7416-44e9-8a9f-bd194193b6ee/
Parent samples :
3ca3e5b6d16a79254fc3a225630ba6ccce14af026d05a7d07d52035f556c2743
cbea93d2d24af4fa47dfa9e359a44452f31bff6d65f194cc720684e48a2c90f5
ce42bacf0b5fc43144e33f10aeb9de744de818f85dc44da62b05e64204c42580
73d8eec4558786e302ac9d8d4252a60eebdf4f66eec9925b58d437dbaa5d826e
96e21a6d02770fdff74ac912154f8c7c7a934d7236360485920c8550fa0050a1
18c4314cf758c6745a883c8281c46307e0101974e1d3604fb59b0e806725e5d0
74e832a79ffdd9830db4eb1acc11150a3be94d1ea3665138c9454bd066dd0f95
198f84cee0dae79cda9db5518ba28e2b23000f2fb5735b0dad188bc5972a5afd
ff996f55536de7a67bd73ad8bc3d79a2b39fbacf097c4c506fc7ec0093892588
279a8de5e39df1db685c2c3f3a7ef24ce3a080f485ef4258f3af544ba3f0a170
4dece4f8f1843e688841d1af9c4bf04ae4750c45ab6ab1aee6c8e584882fa6e1
3ce99c8cb67713268cb97548c173ebbd2e9a78b8d2e2a313aafdf84fb1bb109f
3a170ddf4a5187f7bdb2ebe0d2bb50f1628efe9aa17cb79691fdc7b639c20983
f807aeb37f1d5ae92f3c526b1671f6de8ee9071a6b095f1578d535574445d935
80409175a0c0b823892302d5fe864b8cf8e7adcf7c3224cdfc42d3440089f56c
d1ae43466c5c168ce5f6b08a8b1cebed1c50c4e830f5d4d8edb3b0a1707637ba
48a5c7982d3a0aad3a316d391be806bf4518a3914e6304ca23791b1a96f7a696
333e420c622641ce1d0e90836e2d6de9512a8668f36b29bcee286d0dc0362ad4
c648cdade25de484dd01fb660e5b6a0b5c04ce2f8e39fc3003d66f7ceecf8ba3
55b595b2b235716148d0d97ec9e206b5236ef4eb50fc319076d7dfe12e9f31f8
3889e86218b5cd959cc18ea5c14d669b72abf79e16553c250f783f0570da5325
c8d8dac841ae4780853d4e077265967a55ba5327cc7a6097fa88db11f09cc8d4
e765e101f19ac53b1ac1796e8df871a3317c139d2cf9963f0b9ce4877c6a34b4
18e515b87f2113e0cb01aee82cde91912f49ef2bae35a25370d4450f760f4c8d
e7ee18860de04ba320ca073bc31af13d7ad12243b6e50ee56e203e082d4fe2bd
d09d81afbfbf62c6c9ec7deb3c05c699b909c4272698eee14fa21fc09b13c747
efaf18151dcff71f99c514983e1422c7a55db5bdaaac3c01577154f7602f8394
a3326f70eec68273df75df9e431840627ac8c1c4f04be69e6765389effa3170c
2ce0e3f6bcfd706d3b2776301557a2dc3848a2327ad7466f84d8001f15004690
ac7b9830f90d43ca657e76d9d61fd9efbee50ebe1ad5862e35ffdecb7562ebf9
80d310a88b41d69098d4ad67bd64724933bde084e7a55ebde5e3c73664e49e5e
3657746febac3e11b3a87644b383881675bc2059157a82023d4b5b1cd0b09e3c
d67dd0956d44061123dd00a1146c932dde86ccf903912f96c5bec30a2f9c831f
e911a974637256342c4378618b9e0e62f1d77566520977f9f06d03a9f77c94dd
81d9bb47df5527528498454b8e3c657e799a9b253a14e73071bd4a00806456f6
1d4a1f599a48fa710927daeef32a4e509000d2c13cad1bc0b078be9ac0fa2fa1
d1398bbc8382f2b58a852161106c3a1af471ba4df0afe4f8043bd6d711e3abef
ba8b76fe44cfecb234e2ea47adc293fb4e8a7c62119776aab010c2c87500871f
88d2abc1412d8534cf237378933598cd02179225691a298c65e871e77a12de25
36332a5fe3b04f637b3a281c848df93631b6ffe81a969350a5ec73de4d442831
224a2648a7943386f7b3b6b9f22d87d8c7fec9466cffe24a77f17d7a621b8a79
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
b47d309f16f635798176c9d24035d0bc145b580512adb81191f0ce8684b8b9d5
8d6d8351848925338ce65b442b5bc69872ee467c67e77692645549587eca04d7
43ba9c85b598b5cfcd1fdff00351fe461ab214b1a2b00efcf45f429b5893b0a1
7e0e9f3a1f1bae034cd67784a804dd40375c5b738f7083c9e337197a296425ef
d87d94fd2a6dc33fa5a443f18dc996b513d565d0edd88a88bb322c53f9111aca
SH256 hash:
9d99ee3a1803ad3cbca39f95b11661493d68c849914811341f0f56ca86636ddc
MD5 hash:
e859a2163da8abcd6d803350a4ae749a
SHA1 hash:
c8960fbed5c6f6d159ef69111b4d6329bc710561
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/4055e593-7416-44e9-8a9f-bd194193b6ee/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments