MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54143d46ffc8e27ed096659781ace6b86d64e60c6824a59104816f6b2eab0905. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 8



SHA256 hash: 54143d46ffc8e27ed096659781ace6b86d64e60c6824a59104816f6b2eab0905
SHA3-384 hash: b9e3c7ac4e656dce3ae4c4470bcea4b9171e09427d50d50e7d4d98cb61987fd3b769d71a05d0971a5a17d6a20f4085be
SHA1 hash: 56366eeac75fb331535dc108406a961a0a52ef85
MD5 hash: 28fd9e8bf71e7d85027597d65947168f
humanhash: mockingbird-sink-nine-arizona
File name: 28fd9e8bf71e7d85027597d65947168f.exe
Signature: Quakbot
File size: 1'094'096 bytes
First seen: 2020-11-15 08:25:41 UTC
Last seen: 2020-11-15 09:40:40 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 71e265603dcecb9ce10a6b70d8736ffc (1 x Quakbot)
ssdeep: 12288:1qflDDoYeAZMFTe9WyZlSyvEZX6EQ2XbhSn:1009FT5yPSyKNb4n
Threatray: 1'448 similar samples on MalwareBazaar
TLSH: E935011BF8570CE3CBDC5BBD14A8003BC3228B5FD6BB8AD17176904AE5691D4CAED909
Reporter: abuse_ch
Tags: exe Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 190
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2020-11-15 08:26:06 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: 54143d46ffc8e27ed096659781ace6b86d64e60c6824a59104816f6b2eab0905
MD5 hash: 28fd9e8bf71e7d85027597d65947168f
SHA1 hash: 56366eeac75fb331535dc108406a961a0a52ef85
SHA256 hash: 6d4bb0d47caa0778f56382b29e9528d83d3a27bc443624c37f77f28224cde08b
MD5 hash: 00f754d037bdb7206c08134bb1d23249
SHA1 hash: 0de75b319204c040a6c40bdf495d60028e6dbeef
Detections: win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Executable exe 54143d46ffc8e27ed096659781ace6b86d64e60c6824a59104816f6b2eab0905

(this sample)

  
Delivery method
Distributed via web download
