MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 599a44d4f1cffbce5b02f8b0f2705363cf3b8fbecbd14ac1a2d7c891894d909f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 599a44d4f1cffbce5b02f8b0f2705363cf3b8fbecbd14ac1a2d7c891894d909f
SHA3-384 hash: ed7fd27f24da05d57cc8121070dd83125f79bbeb2117c9fa6facf3eeb6d54fd6996791c029f11a947d78f20d37977296
SHA1 hash: 84a139ebcffaef1d795e5c72ac8ef7a9bd4f4277
MD5 hash: c9f21e356ab63e500ed185d8ad25741f
humanhash: hamper-oklahoma-glucose-uniform
File name:SecuriteInfo.com.Trojan.GenericKDZ.69361.1221.16131
Download: download sample
File size:630'264 bytes
First seen:2020-08-10 22:39:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 89490247009131c913fe431d098a14f4 (3 x Quakbot)
ssdeep 12288:sM/rZ0d53n/W7K4PJDYUYemYrkIRR9gm/CQlzsOaIWaPa2888888888888W8888u:ledNn/6hQDrIRYm/CQJsOahr3W
Threatray 46 similar samples on MalwareBazaar
TLSH 53D4D003B3D74439F5B24A3884FA49B15E327DF827E0D95A3DB4F54E29B02925972B23
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.69361.1221.16131.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/417622
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/599a44d4f1cffbce5b02f8b0f2705363cf3b8fbecbd14ac1a2d7c891894d909f/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-08-10 22:41:05 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3987a758b4ba5aa5a7a88370559abb4468b8fed89b98bf341761a94c6fedb8ab
4856aa92825a6c51304e39d51d5ea92c35e290936589039548612e8f927ce974
4a70117a242a51045a243f7807d17724f5eac5f678e0ed477f4fd755261b37f7
531b5d8939216cbba9c4c8b9aee9d550dea1dd317d9fe9a3c9d7eb9ada13d090
68659662a735e14235e68e5edee17995b1443af662e6d789c5461c8733f4b3aa
7bf0912cd1d107e491c474767c3bd83b39d08e55fafa810d076a5da898ea822a
983e210faada072a0ae9b176d62294be695fd805c0096083bd2053e05d0ad7dc
99f851b8bb921318568a9c87ef39bc353c0e3c9af67a8f5078e957f4bb046491
bc43d74e48156dcfd9991b8f5470d3f9e575a4937f368a0d856e30bfa81a74fa
e151320cbe3e8a9f44c3dfdacba4d741058c4ff30919d490eb8d552d4a8c6115
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200810-wczre8m1mx/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/599a44d4f1cffbce5b02f8b0f2705363cf3b8fbecbd14ac1a2d7c891894d909f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/43009/

Comments