MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5732b84d760f60aaaedaea1e6fbdd58f679f1aca580b2bfcc9cd5980b5879055. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 4



SHA256 hash: 5732b84d760f60aaaedaea1e6fbdd58f679f1aca580b2bfcc9cd5980b5879055
SHA3-384 hash: 01d45f72efa39e7d5687266f337a6b5063d94dc1671209036ecf5e05edbbea2427fed72ba493035c46dde5ab43e86212
SHA1 hash: a2a268813d692fe75886b0cda32593121f2c1f7a
MD5 hash: 0a4ff780404a3f49def6f48aac83256f
humanhash: cat-arizona-paris-colorado
File name: 0a4ff780404a3f49def6f48aac83256f.exe
Signature: Quakbot
File size: 489'472 bytes
First seen: 2020-06-03 07:56:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 61753db22d6633b57b542b0442b81955 (3 x Quakbot)
ssdeep: 6144:DiGEtpvg9pe3oUADfamC9EGqswger75gOMwOOT:DmgLbtvswgK75BO
Threatray: 429 similar samples on MalwareBazaar
TLSH: 0AA4BF40727CBB67D0FA06F44DBFBAA66931BD411E26D9577B407A6D3CB23801D04B2A
Reporter: abuse_ch
Tags: exe Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Qbot
Status: Malicious
First seen: 2020-06-03 07:31:46 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: cryptone packer
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Executable exe 5732b84d760f60aaaedaea1e6fbdd58f679f1aca580b2bfcc9cd5980b5879055 (this sample)

Delivery method: Distributed via web download
