MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 458f1e9ff95b22691bc8373b9a0829853404f0abbd2151504c030ca028ec15f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 458f1e9ff95b22691bc8373b9a0829853404f0abbd2151504c030ca028ec15f9
SHA3-384 hash: b9532947f0fcc058292dd501dc87e8bbba4094da46749118d26b2e88133d109e365b6d5f06abff489644f24dec1ee9e1
SHA1 hash: 9b70977095fe25849888de28bfb047568c3c3a3e
MD5 hash: a6c0f1d9ef1f7cf43ef1348fb577600b
humanhash: ohio-triple-winner-snake
File name: SecuriteInfo.com.Trojan.Agent.ERRX.8995.3610
File size: 559'616 bytes
First seen: 2020-06-02 01:40:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0c00edee433fb0a6d5c74113b44e7912 (6 x Quakbot)
ssdeep: 6144:viGEtpvnii93Ku4n70GDV5RqXvN9EgS3fBHeg487ebxoDl:vmnieKP4GdqXVLSfR
Threatray: 418 similar samples on MalwareBazaar
TLSH: B2C4DF9662BDD762E3FB527488BE74E9A9317C4D3B22CC371650B75C18713A08B25B23
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Qbot
Status: Malicious
First seen: 2020-06-02 02:35:20 UTC
File Type: PE (Exe)
Extracted files: 58
AV detection: 37 of 48 (77.08%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: cryptone evasion packer
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Creates scheduled task(s)
Modifies data under HKEY_USERS
Drops startup file
Turns off Windows Defender SpyNet reporting
Please note that we are no longer able to provide a coverage score for Virus Total.
