MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4180c4c11e631a7545d40dadb74280c00f53271a75b113c387bb87adaf2cecf7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Quakbot

Vendor detections: 9

SHA256 hash: 4180c4c11e631a7545d40dadb74280c00f53271a75b113c387bb87adaf2cecf7
SHA3-384 hash: df1964b2f0f11f0db87c7ac439e7919132e1bea9ebcb38aae1d8fd51f51a3c299a18085ab2b237add163e167bf8a1f3b
SHA1 hash: f415cfd1f18f4fc6a793f175875843406dd7846c
MD5 hash: 8e122f760db0b05989ebbab17587ea72
humanhash: summer-mars-lake-missouri
File name: rrcbu.exe
Signature: Quakbot
File size: 318'992 bytes
First seen: 2020-11-02 21:36:25 UTC
Last seen: 2020-11-02 23:46:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 6144:035szM3NI37zmlevC6wgD64VnBZsbdwhs0dPMmAMB0lHdoU/6:03izMdOWbXkE0dPnYKd
TLSH: BA64E04153D8C752F0336EB6836ED3670AA23D51A4256FAFCA80B39D1B3A8714F53B52
Reporter: malware_traffic
Tags: exe Qakbot Quakbot

Intelligence

File Origin
Number of uploads: 2
Number of downloads: 111
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-02 21:38:06 UTC
AV detection: 29 of 29 (100.00%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:qakbot botnet:notset campaign:1596817234 banker stealer trojan
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Loads dropped DLL
Executes dropped EXE
Qakbot/Qbot
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: 4180c4c11e631a7545d40dadb74280c00f53271a75b113c387bb87adaf2cecf7
MD5 hash: 8e122f760db0b05989ebbab17587ea72
SHA1 hash: f415cfd1f18f4fc6a793f175875843406dd7846c

SHA256 hash: 1f969b07be2ae3410e78ee586fbfed26cde532020dfa4c0790400c730bec5c4c
MD5 hash: 677a73374bfb15b3863e44e1f55a7984
SHA1 hash: 2520f1529d291523a7f99741f90e08521ec73040
Detections: win_qakbot_g0 win_qakbot_auto

SHA256 hash: ee52f08b5206c03fc204a9ca9dcbd2222325b68c2d596424485c3c44a88339d0
MD5 hash: 04402b81812c8577c0fe374c5e0f9c32
SHA1 hash: 49165f7b9da9b1142d7a58cc1c1e0cec57304773
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments