MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f1566795077320406ae3ded8622923036b8531c9cde840a6540c66a366505dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f1566795077320406ae3ded8622923036b8531c9cde840a6540c66a366505dd
SHA3-384 hash: 1236cc2998b5b489bc818bd0c9a797bb1ba726672c59c5974fd65a993034aba69fbe0c9979a576f5e2b51ab9eb013d36
SHA1 hash: 05c4a7a6923bfb57df17fd4ed08ac319028d11a1
MD5 hash: 00fbcdb7f187ad281a24546f9f0367b6
humanhash: glucose-low-august-alanine
File name:4f1566795077320406ae3ded8622923036b8531c9cde840a6540c66a366505dd
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-07 17:10:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:LQUn3EEkCIARD83dokFICdy20s3NbDwaZ31EyIEgf9V8tjKkuGInR+HlZzmP6Mkw:LlkChOKxn20fRGKzPUhulLhJ9FCe
TLSH 1C3512D7F9BC8471CAED297F8993123C968A85E85D05D10B0778A5ADBDF3200FE9244B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4f1566795077320406ae3ded8622923036b8531c9cde840a6540c66a366505dd/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 17:15:14 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j4kwm6kqo4zaibvohxwymiusga3lquy4ttpiictfiddguntfaxoq._file
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201108-26bjwpxdgx/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
4f1566795077320406ae3ded8622923036b8531c9cde840a6540c66a366505dd
MD5 hash:
00fbcdb7f187ad281a24546f9f0367b6
SHA1 hash:
05c4a7a6923bfb57df17fd4ed08ac319028d11a1
Link:
https://www.unpac.me/results/fc5a55d5-eb30-48f2-b886-814be03bc59f/
SH256 hash:
78c5a96607a03a1307a29c9489e49ac5910ca6edd605d4efce226a54ea87b76e
MD5 hash:
edb8a157a75736acffd86fe6a057b433
SHA1 hash:
ffaba2d93b5367957367681b7a276dac1406f0de
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/fc5a55d5-eb30-48f2-b886-814be03bc59f/
Parent samples :
4f1566795077320406ae3ded8622923036b8531c9cde840a6540c66a366505dd
ac7368bd75142d7c2c0990811ddcf4962ac5c6fc42c3a4b6846dfd80423c2750
24f828742baaedb176d3dba0bdf3d06682c174a9b46b35bf5d145ee57f2aa643
77e8872e2c9a68dceed90a1e59d2805019963759747a1134be407f5bc14ce28b
58593fd5fb90f5fd420e3dcf0ed7e1fb5fcb5a3ac89acf685acc7d4c0e7df9ff
bf2e0f665eac44398fdeb7e3dc2451a9230686f6b8f0b18bb656d6a1bc8aad4e
d8be99a67635ce711c3d165e4e5ad8aad798bc398c92f8be924b5dec534063f0
54a201fb84a5b1c713037f0d687812aa96cd9029c933d9c316c1f035a9b3597e
SH256 hash:
2a54d561313fa6bcbfe4fb2329e69e769d0a5f855b89cfe71d51b61588e87dc4
MD5 hash:
f1ba8d054f6cf801b78859ba3202dc36
SHA1 hash:
e09d3954c6411ec457198d55a54caeea3e41da18
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/fc5a55d5-eb30-48f2-b886-814be03bc59f/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments