MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45493d88dd9d1670f48aee096d0ca99110337ffbd4d538dd39b2ef3a13cafa63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45493d88dd9d1670f48aee096d0ca99110337ffbd4d538dd39b2ef3a13cafa63
SHA3-384 hash: e696027adfb1539a1e1d319c0a66fe5318f05930ab4a92ec3df800ec573dfa4fab09f813df7443e88eb57c0e7123779a
SHA1 hash: ae68145df78dd1d520a6caf8fe81d9d0671cea92
MD5 hash: 16b95cc84b7b47a890f85320fbb6b224
humanhash: november-saturn-fifteen-california
File name:SecuriteInfo.com.Trojan.Agent.EWCP.11035.32670
Download: download sample
Signature Quakbot
Create hunting rule
File size:6'010'336 bytes
First seen:2020-09-08 22:09:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9a78c76417431884c38d6c29ae212b7b (15 x Quakbot)
ssdeep 6144:o4thSUHz9HRg1c5Fm0Dq7VTu0Cdvm2MU3Iv7HCuqBl9scWBJX:Ph3Hz9HeWFJDmV61AXuu6O
TLSH E956A0A216C25F8D932F7AF17A7F12E17F428B0850EC59A5C838FD14EA0797C944AB47
Reporter SecuriteInfoCom
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection:
QakBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/58012/
Detection(s):
SecuriteInfo.com.Trojan.Agent.EWCP.11035.32670.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Enabling autorun by creating a file
Detection:
qakbot
Create hunting rule
Link:
https://mwdb.cert.pl/sample/45493d88dd9d1670f48aee096d0ca99110337ffbd4d538dd39b2ef3a13cafa63/
Threat name:
Win32.Trojan.QBot
Create hunting rule
Status:
Malicious
First seen:
2020-09-08 22:10:14 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ivet3cg5tulhb5ek5yew2dfjseidg7732tktrxjzwlxtue6k7jrq._file
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/200908-k7htpsldga/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
XPACK
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/45493d88dd9d1670f48aee096d0ca99110337ffbd4d538dd39b2ef3a13cafa63

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/58012/

Comments