MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40479c0e95d9426135d1f65c7f29e1a782a5cc79f1dcd5cb2c04aa8995f06a0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 7



SHA256 hash: 40479c0e95d9426135d1f65c7f29e1a782a5cc79f1dcd5cb2c04aa8995f06a0b
SHA3-384 hash: becab65783d435ccf9fa0c8d8472cd99b3831d85182ae5925d24d49e36e7552a8ab32c35de641079e541c6a118b1d071
SHA1 hash: dce9e552069c566255165cbd85b3c6a181e110c9
MD5 hash: fc7ad2268e63f8f49aa0926eda094159
humanhash: wyoming-hot-october-avocado
File name: SecuriteInfo.com.BScope.Trojan.Qakbot.27629
Signature: Quakbot
File size: 565'776 bytes
First seen: 2020-08-07 20:35:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 629ddcc2800ed34aba51e5d163e3bf73 (8 x Quakbot)
ssdeep: 12288:2Y5tItPhq8uTkMcFlviTUEWa7g4AqTVc2xrWLR:2eatJq8u4McvigElVAUVcarWd
Threatray: 428 similar samples on MalwareBazaar
TLSH: B0C4D0617A752DF2C06249B34EF7C539DB5D1CA1334AC5411EB0F62E276ACAA5AC3CC2
Reporter: SecuriteInfoCom
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 76 / 100
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-08-07 20:37:05 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Runs ping.exe
Checks SCSI registry key(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments