MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 464ce8619b8be7a6a724ac23777ecaf20be27686bd02ed7e9b4585c30d5e7d8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 464ce8619b8be7a6a724ac23777ecaf20be27686bd02ed7e9b4585c30d5e7d8d
SHA3-384 hash: 86e34aa475f7fedab3ec1b935c03f8fb512404dabc5abf78030bfa8012c5e6465f6d6264911691debef0d347f631390c
SHA1 hash: c939eb2761ac047464632fadf8a9009d7c0a5cf0
MD5 hash: c82005100e1b56ad7b52dc461d341e10
humanhash: spring-eleven-double-eight
File name:464ce8619b8be7a6a724ac23777ecaf20be27686bd02ed7e9b4585c30d5e7d8d
Download: download sample
Signature Quakbot
Create hunting rule
File size:4'362'752 bytes
First seen:2020-09-28 22:50:39 UTC
Last seen:2020-09-28 23:47:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4328f7206db519cd4e82283211d98e83 (533 x RedLineStealer, 18 x Arechclient2, 15 x DCRat)
ssdeep 98304:Py0NeWRL7aOMPdtshrhDD48QUbs0XYVmMYKdlZUXVj4OJiv37:Pgqfwtq1cn0IVOKeXSI
Threatray 958 similar samples on MalwareBazaar
TLSH 2116337827A15643C11E967EF93EB55DF2AA7360EE7C9975016613B81082FF033E42CA
Reporter malware_traffic
Tags:exe Qakbot qbot Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
167
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/66550/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43922183.11055.10720.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for analyzing tools
Searching for the window
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/476906
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/464ce8619b8be7a6a724ac23777ecaf20be27686bd02ed7e9b4585c30d5e7d8d/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-09-28 22:22:43 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=izgoqym3rpt2njzevqrxo7wk6if6e5ugxubo27u3iwc4gdk6pwgq._file
Verdict:
malicious
Similar samples:
146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4
Quakbot
276ff250495d6b475c84a26dce4faa535f976780fdfc69cc0dc831dba3451a5c
Quakbot
33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
Quakbot
389875d4c35ff8da276f122cb6b4ebd1b1d65ce5da5c05defefaf40c2609dbaf
Quakbot
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
Quakbot
7a445143a652f58fa4abc4957269aea8f884f71e7f4654b56385491eb544b0a5
Quakbot
7c2bcbc90aad473e93b52051f11b1c1d8f3d9436b7d95b49e1ca4c7c835b0115
Quakbot
9b2ad325e0cda26d0cd3769bea307050581d5c38d40d1281ff7e6b56420369cd
Quakbot
9db79c06f6927e8e60151a16a65cea76e306f746ddba026a0b1d12a355f7f16e
Quakbot
a78df3ea7c9bcf96c6c9db033be7a66d9c418c1acfa3c8efc3c4ba313c5b4fad
Quakbot
+ 948 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/200928-6m26xzfy3a/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks BIOS information in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Unpacked files
SH256 hash:
464ce8619b8be7a6a724ac23777ecaf20be27686bd02ed7e9b4585c30d5e7d8d
MD5 hash:
c82005100e1b56ad7b52dc461d341e10
SHA1 hash:
c939eb2761ac047464632fadf8a9009d7c0a5cf0
Link:
https://www.unpac.me/results/0d528197-8ac5-431d-9014-71142738f723/
SH256 hash:
dcb842f5e0da9d486cad34d4b809dcaadf9ec4d6991fdb22bdc9aea66489ad1a
MD5 hash:
c02a029c978f13b753c6b578b1588c75
SHA1 hash:
e125d59451e7f467bfd329a00a506decbcd91d83
Link:
https://www.unpac.me/results/0d528197-8ac5-431d-9014-71142738f723/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
XPACK
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/464ce8619b8be7a6a724ac23777ecaf20be27686bd02ed7e9b4585c30d5e7d8d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/66550/

Comments