MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53d23f68edbeb2b524c8dddec509f1157533ad2dbc2105523aafd436808ca587. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53d23f68edbeb2b524c8dddec509f1157533ad2dbc2105523aafd436808ca587
SHA3-384 hash: 768b9cc500275cd7f1b08899cf701593bd331088062dc8b5dc58104789ec7b9f80c6fccae58c8bda805ba92f45040b14
SHA1 hash: a581ad2476ed1c53af9364405240697c0c0bd1a8
MD5 hash: aae1575061e94a280697e0e6dee4e964
humanhash: mango-sink-aspen-happy
File name:SecuriteInfo.com.Application.Deceptor.AVV.29178.145
Download: download sample
File size:509'944 bytes
First seen:2020-08-11 20:35:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d5a36bb3349a6c111632bd2766d97313 (6 x Quakbot)
ssdeep 12288:aBsdTiUyExNxkdxNxwyxNxQxNxwrvE05exl0DPAsVgm/CQlzsOaIWaPaK888888n:T7yHrvE6eT0Dzym/CQJsOahrI
Threatray 40 similar samples on MalwareBazaar
TLSH C6B4D052A3E70072F6F9463D887B94609D363D65BAE1C99F7DB0F54E18702D248F2B22
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/43746/
Detection(s):
SecuriteInfo.com.Application.Deceptor.AVV.29178.145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Sending a UDP request
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/420375
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Detected potential unwanted application
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/53d23f68edbeb2b524c8dddec509f1157533ad2dbc2105523aafd436808ca587/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-08-11 20:37:03 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1419b593b2dbbcada0712b97cb425448afb46857e35a3b811d4907ffffca0947
3987a758b4ba5aa5a7a88370559abb4468b8fed89b98bf341761a94c6fedb8ab
3a971cb00b359b0a9a86157d6e19e2710e7f42098eb4fdd3f8d46f5333cdbf45
4a70117a242a51045a243f7807d17724f5eac5f678e0ed477f4fd755261b37f7
599a44d4f1cffbce5b02f8b0f2705363cf3b8fbecbd14ac1a2d7c891894d909f
68659662a735e14235e68e5edee17995b1443af662e6d789c5461c8733f4b3aa
7bf0912cd1d107e491c474767c3bd83b39d08e55fafa810d076a5da898ea822a
983e210faada072a0ae9b176d62294be695fd805c0096083bd2053e05d0ad7dc
99f851b8bb921318568a9c87ef39bc353c0e3c9af67a8f5078e957f4bb046491
e151320cbe3e8a9f44c3dfdacba4d741058c4ff30919d490eb8d552d4a8c6115
+ 30 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200811-b7h1fyznlx/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Qakbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/53d23f68edbeb2b524c8dddec509f1157533ad2dbc2105523aafd436808ca587

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/43746/

Comments