MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d8bc67bb77836ec4d9e2ab1e32a825aad31b5367fe2aa82d50fd6175ce3932f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 4



SHA256 hash: 3d8bc67bb77836ec4d9e2ab1e32a825aad31b5367fe2aa82d50fd6175ce3932f
SHA3-384 hash: c52d481ef93adf696979b837414301156fd78be0d489bf8fe0c5a67c60d65f578596560de2ac793eac2bf86d34a0b670
SHA1 hash: c618ecd189c73e42f3c2731482abe0099e8fbcf8
MD5 hash: 645bd2f0395cee91794c7d0e3e81a815
humanhash: california-happy-oxygen-blue
File name: SecuriteInfo.com.Troj.Qbot-FS.17714.23602
Signature: Quakbot
File size: 762'368 bytes
First seen: 2020-05-21 19:51:02 UTC
Last seen: 2020-05-21 20:45:14 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f775e5f2c7122a9f4550feacec30f2d0 (8 x Quakbot)
ssdeep: 12288:9gU3965wVaFgq6LuM+0D2PNEtwvxNIGe0erLIX:dkFgdnUVET6erLI
Threatray: 419 similar samples on MalwareBazaar
TLSH: E2F47A0BEA3F4367DCC68A31CDBDB23A511A5CBBD23693067100FE9E9AF225515D62C1
Reporter: SecuriteInfoCom
Tags: Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Qbot
Status: Malicious
First seen: 2020-05-21 20:35:21 UTC
File Type: PE (Exe)
Extracted files: 110
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: win_qakbot_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.
