MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a70117a242a51045a243f7807d17724f5eac5f678e0ed477f4fd755261b37f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a70117a242a51045a243f7807d17724f5eac5f678e0ed477f4fd755261b37f7
SHA3-384 hash: 7d469992dfe469fa03a58acf6523ca7661585dbac8fffe02c07d4e0efede20debc949361a8a8d3b713fd2e58771b6077
SHA1 hash: d1ca3594fe2bfa2d39833fc9fb307ce0e7298181
MD5 hash: 2bd87adeace6cf729205e3ec1ae2de5f
humanhash: artist-romeo-california-freddie
File name:SecuriteInfo.com.Generic.mg.2bd87adeace6cf72.21106
Download: download sample
File size:630'264 bytes
First seen:2020-08-11 04:28:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ca2f78165c50f54d7f09ef66056f5964 (5 x Quakbot)
ssdeep 12288:DM/QZ0d53n/W7K4PJDYUYemYrkIRRogm/CQlzsOaIWaPa2888888888888W8888e:w9dNn/6hQDrIR1m/CQJsOahr3W
Threatray 23 similar samples on MalwareBazaar
TLSH 55D4E003B3D74879F5B64A3884FA48A14E337DF827E0D95A3DB4F40E29B02925975F22
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Generic.mg.2bd87adeace6cf72.21106.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/417713
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a70117a242a51045a243f7807d17724f5eac5f678e0ed477f4fd755261b37f7/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-08-11 04:30:10 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3987a758b4ba5aa5a7a88370559abb4468b8fed89b98bf341761a94c6fedb8ab
3a971cb00b359b0a9a86157d6e19e2710e7f42098eb4fdd3f8d46f5333cdbf45
4856aa92825a6c51304e39d51d5ea92c35e290936589039548612e8f927ce974
531b5d8939216cbba9c4c8b9aee9d550dea1dd317d9fe9a3c9d7eb9ada13d090
68659662a735e14235e68e5edee17995b1443af662e6d789c5461c8733f4b3aa
7bf0912cd1d107e491c474767c3bd83b39d08e55fafa810d076a5da898ea822a
99f851b8bb921318568a9c87ef39bc353c0e3c9af67a8f5078e957f4bb046491
b1139bd83cc58fed71d413dac9a20c56b059cee03170a5463567f6f1155b0336
e151320cbe3e8a9f44c3dfdacba4d741058c4ff30919d490eb8d552d4a8c6115
f1748543fd3d8ad75889012685d7ca632f257723dc5454ebfadd32c1cf2f1ac6
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200811-gtzmeb94z2/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4a70117a242a51045a243f7807d17724f5eac5f678e0ed477f4fd755261b37f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/43037/

Comments