MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3921258e0a7606fa000b5fb41396944f50e1f6fe0d3ecf05a54bca44d4924416. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuakBot

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	3921258e0a7606fa000b5fb41396944f50e1f6fe0d3ecf05a54bca44d4924416
SHA3-384 hash:	cce27921b055b14c0beec3a604ee5ec98e934790a6e0469df459bc79341113e8386d754d9fc5da13ae931e9b07bac0d4
SHA1 hash:	40d2fec323c6272056b46e503e253045ee27a207
MD5 hash:	8a966afd175337581ffe29e3de5a4029
humanhash:	diet-sad-equal-lactose
File name:	8eb6220a63a6354be35e520903c11d7f
Download:	download sample
Signature	QuakBot Create hunting rule
File size:	1'094'120 bytes
First seen:	2020-11-17 12:19:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ba5c263c6125faae2c597950f7826711 (27 x Quakbot)
ssdeep	12288:5qflDFoY/r80NNHCW8k45hox9l7pUH4X6EQ2XbhI:50HQ0NNHCWZmO7aHeNbG
Threatray	1'674 similar samples on MalwareBazaar
TLSH	D235011BE1E35BCBE483817C59E290BAD532EF8DDB1BD46B2A18F0D871B63C5851E604
Reporter	seifreed
Tags:	Quakbot

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a process with a hidden window

Creating a file in the Windows subdirectories

Creating a file in the %AppData% subdirectories

Creating a process from a recently created file

Launching a process

Creating a window

Unauthorized injection to a system process

Enabling autorun by creating a file

Result

Verdict:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3921258e0a7606fa000b5fb41396944f50e1f6fe0d3ecf05a54bca44d4924416/

Threat name:

Win32.Backdoor.Quakbot

Status:

Malicious

First seen:

2020-11-17 12:24:25 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=heqsldqkoydpuaall62bhfuuj5iod5x6bu7m6bnfjpfejvesiqla._file

Verdict:

malicious

Result

Malware family:

qakbot

Score:

10/10

Tags:

family:qakbot banker stealer trojan

Link:

https://tria.ge/reports/201117-agevq6xyr2/

Behaviour

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Qakbot/Qbot

Unpacked files

SH256 hash:

3921258e0a7606fa000b5fb41396944f50e1f6fe0d3ecf05a54bca44d4924416

MD5 hash:

8a966afd175337581ffe29e3de5a4029

SHA1 hash:

40d2fec323c6272056b46e503e253045ee27a207

Link:

https://www.unpac.me/results/4cd32739-624a-48c2-a41f-723cb8a5058a/

SH256 hash:

1e9735065120e5d2576c91a71b1f6eac820dde0263abbc4eada84a6b0381563f

MD5 hash:

05a09fd94fe764056021b87cf2c79bcb

SHA1 hash:

42dad22f13ddfe3ee69c72539aa84003be130a1b

Detections:

win_qakbot_g0

win_qakbot_auto

Link:

https://www.unpac.me/results/4cd32739-624a-48c2-a41f-723cb8a5058a/

SH256 hash:

acf0d5c996cce4dbeebf6b32c645c149436ea52f7c8b3e84119463af5f96cd90

MD5 hash:

30b05d272fedb732db6c0f499c4aade3

SHA1 hash:

b871aa5457b8dbb4ac7ec8eb206c0d0237ae48ad

Detections:

win_qakbot_auto

Link:

https://www.unpac.me/results/4cd32739-624a-48c2-a41f-723cb8a5058a/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample