MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec
SHA3-384 hash: 5bafc49d09fb94ccda980652b41a5c11d9764aac0b96e002fc5261f8eec684e0fcd22530c2a08af2d46fd69cc1ae7780
SHA1 hash: 6e92c78717f159e3e571248749f9e57c9ece6603
MD5 hash: 5d48ea743ece4c331f5c637cda1c2028
humanhash: east-friend-apart-twenty
File name:36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-11 11:19:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:dDYHdnBsYhIARD83d9kFICdy2MsuNbDhbZ31EybEgfdfMtjKkfGInR+HlZzmf6Mh:dIKYhhOXxn2MI22KmfUhulLhJ9FCe
Threatray 1'090 similar samples on MalwareBazaar
TLSH 883522D7F9BC8471CAED29BF8993123C968985E85D05D10B0778A5ADBDF3200FE9244B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 11:20:51 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g3yj4mhywp2o72cf2truj2chegojyyvh7kngdqwy24ewtumxe3wa._file
Verdict:
malicious
Similar samples:
02b6b1f134e188ec672b2fa5a4c7013b77aaf4474fd0f99d31162625a45a5289
QuakBot
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
QuakBot
18a52a088f46ae8a4dbfc27760bdb3e22dda61ed353c8b8ff3dc16aaa1df4c43
QuakBot
24f828742baaedb176d3dba0bdf3d06682c174a9b46b35bf5d145ee57f2aa643
QuakBot
279c511ba3dd0151e5c969eeb34924fbdb4707d0ccd4d0ac36dc9f63324a7582
QuakBot
77e8872e2c9a68dceed90a1e59d2805019963759747a1134be407f5bc14ce28b
QuakBot
8d6d8351848925338ce65b442b5bc69872ee467c67e77692645549587eca04d7
QuakBot
a401e9208a31cca327a31ee872a258b358dbd276304625e461d46f5c656d5723
QuakBot
acb1a2562d23cd06da04a144712d3a0fbe7a7c37cd7532a2f0986803e44554ce
QuakBot
e623ccc3e7951238e956cd57702bc2375b0649d5d550fb4ad29e24f6b9323adf
QuakBot
+ 1'080 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201111-n57msgkeke/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec
MD5 hash:
5d48ea743ece4c331f5c637cda1c2028
SHA1 hash:
6e92c78717f159e3e571248749f9e57c9ece6603
Link:
https://www.unpac.me/results/f3a8f8c0-4949-4e93-93c9-972a9fb5e0bc/
SH256 hash:
f020355c6de8c2b74d97c3035206d03de27460e0028ea76d60d02550fa76d93c
MD5 hash:
d02c1f7295564f910347f1e7bb4d93ab
SHA1 hash:
df5519de0ec1c45f3d28bd6aaf02b9467c09f15c
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/f3a8f8c0-4949-4e93-93c9-972a9fb5e0bc/
Parent samples :
c96411f12a48da05040dc9cccf208ae0506bbf1c8d1c2e5a6b02fd5f26eadcf0
36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec
9d37a0bbc963f04580d4bf12d15c0938f97a7bd299597c8852b818f519f2bac5
a5ca536851022178f40b4690db0c5563020c8b6fcaa22f6c3abd876b72dbccfe
26c106b25d01fae3d0b94af6286d755175af9cf28b99c0b4453548ac375ce890
b65e59778275f64ad2d4ba86a309a5224ccb9179cd7a307c66efb3fc6432c53d
SH256 hash:
e2dcb8811065d7f84e91153545a3e2abf311247eb0fde3d95c501889ca1debfa
MD5 hash:
1eb61343f8c835270ee7771e12c88b20
SHA1 hash:
e2d09251a0ad8674a09cabb791281016e54014d0
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/f3a8f8c0-4949-4e93-93c9-972a9fb5e0bc/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments