MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 54a201fb84a5b1c713037f0d687812aa96cd9029c933d9c316c1f035a9b3597e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
QuakBot
Vendor detections: 7
| SHA256 hash: | 54a201fb84a5b1c713037f0d687812aa96cd9029c933d9c316c1f035a9b3597e |
|---|---|
| SHA3-384 hash: | 43264ee420642d2e24e346e9a4ad0d0f4b081868e43ed8fd9061b25528dc242d8ace989fcf09b74fa5af2dd936bc21a0 |
| SHA1 hash: | df5d7f64791e8e7d849632d8fbe739abf45073a2 |
| MD5 hash: | 30be97c6613a3824a5369196786623e0 |
| humanhash: | hawaii-skylark-alanine-dakota |
| File name: | 54a201fb84a5b1c713037f0d687812aa96cd9029c933d9c316c1f035a9b3597e |
| Download: | download sample |
| Signature | QuakBot |
| File size: | 1'084'416 bytes |
| First seen: | 2020-11-15 22:50:59 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot) |
| ssdeep | 6144:0AcXXnZ17pIfRD83d/kFICdy2MsnNbDJEZ31EyIEgflxktjKk0GInR+HlZzmP6Mh:0hP7pcOlxn2MSNuKpPUhulLhJ9FCe |
| TLSH | 1A3522D7F9BC8471CAED287F8993123C968A85E85D05D10B0778A5ADBDF3200FE9644B |
| Reporter |  seifreed |
| Tags: | Quakbot |
Intelligence
File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Backdoor.Quakbot
Status:
Malicious
First seen:
2020-11-15 22:52:22 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
qakbot
Score:
10/10
Tags:
family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
54a201fb84a5b1c713037f0d687812aa96cd9029c933d9c316c1f035a9b3597e
MD5 hash:
30be97c6613a3824a5369196786623e0
SHA1 hash:
df5d7f64791e8e7d849632d8fbe739abf45073a2
SH256 hash:
78c5a96607a03a1307a29c9489e49ac5910ca6edd605d4efce226a54ea87b76e
MD5 hash:
edb8a157a75736acffd86fe6a057b433
SHA1 hash:
ffaba2d93b5367957367681b7a276dac1406f0de
Detections:
win_qakbot_auto
Parent samples :
4f1566795077320406ae3ded8622923036b8531c9cde840a6540c66a366505dd
ac7368bd75142d7c2c0990811ddcf4962ac5c6fc42c3a4b6846dfd80423c2750
24f828742baaedb176d3dba0bdf3d06682c174a9b46b35bf5d145ee57f2aa643
77e8872e2c9a68dceed90a1e59d2805019963759747a1134be407f5bc14ce28b
58593fd5fb90f5fd420e3dcf0ed7e1fb5fcb5a3ac89acf685acc7d4c0e7df9ff
bf2e0f665eac44398fdeb7e3dc2451a9230686f6b8f0b18bb656d6a1bc8aad4e
d8be99a67635ce711c3d165e4e5ad8aad798bc398c92f8be924b5dec534063f0
54a201fb84a5b1c713037f0d687812aa96cd9029c933d9c316c1f035a9b3597e
ac7368bd75142d7c2c0990811ddcf4962ac5c6fc42c3a4b6846dfd80423c2750
24f828742baaedb176d3dba0bdf3d06682c174a9b46b35bf5d145ee57f2aa643
77e8872e2c9a68dceed90a1e59d2805019963759747a1134be407f5bc14ce28b
58593fd5fb90f5fd420e3dcf0ed7e1fb5fcb5a3ac89acf685acc7d4c0e7df9ff
bf2e0f665eac44398fdeb7e3dc2451a9230686f6b8f0b18bb656d6a1bc8aad4e
d8be99a67635ce711c3d165e4e5ad8aad798bc398c92f8be924b5dec534063f0
54a201fb84a5b1c713037f0d687812aa96cd9029c933d9c316c1f035a9b3597e
SH256 hash:
1bfc87bbdc7aec5a709a2973adec250b84fc27b16a1116f142ef5187f6ebf197
MD5 hash:
4971076ba87660813ebc01b2ee00b03c
SHA1 hash:
b1e032376fa2feca69bdc8eb7ee2aebc5b406142
Detections:
win_qakbot_g0
win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.23
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.