MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 382ae412ae682c0c1241c2bbafec413b0f9bb5829a68ec199399dcb38e9cf05c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 5



SHA256 hash: 382ae412ae682c0c1241c2bbafec413b0f9bb5829a68ec199399dcb38e9cf05c
SHA3-384 hash: 657a91189bbb77eafa38e6ce8ea0a19a3b4b4e750b729198e26b5ca6838a6453d27f268de68c17c5f2e1381891850bef
SHA1 hash: 4d51367638800728b94af5ba0b6d364c407c7773
MD5 hash: 5004555240fa78e8e49483e33f7550c0
humanhash: alanine-beer-one-tennessee
File name: Churchill.bin
Signature: QuakBot
File size: 2'761'232 bytes
First seen: 2020-06-17 11:49:55 UTC
Last seen: 2020-06-17 12:53:55 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5e80336862f35b45ff7d1507fba8cde5 (1 x QuakBot)
ssdeep: 12288:utlQY2wwLHqpVxTa/shQHiKP8+Ykfgn6ggKX/cmr:uf2wwTySvPAkfg93Ph
Threatray: 421 similar samples on MalwareBazaar
TLSH: 20D5F137B89C441FD13748B395F116BB296AEFFD063A744E0D90B912A8A2ED34C51D8B
Reporter: JAMESWT_WT
Tags: Qakbot

Code Signing Certificate

Organisation: XYXLIJAWWFYCNAVMTC
Issuer: XYXLIJAWWFYCNAVMTC
Algorithm: sha1WithRSA
Valid from: Jun 16 08:58:06 2020 GMT
Valid to: Dec 31 23:59:59 2039 GMT
Serial number: -3523AD7BCF3A924DB51E0F53B71C5438
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: BBAA52B62E8082E6F58744B77A7F8A446CB487001DBEFF7C8F57956CA1DC63FA
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 249
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-06-17 12:35:50 UTC
File Type: PE (Exe)
Extracted files: 10
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: trojan banker stealer family:qakbot evasion
Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Windows security modification
Loads dropped DLL
Executes dropped EXE
Turns off Windows Defender SpyNet reporting
Qakbot/Qbot
Windows security bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments