MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f
SHA3-384 hash: 61c3502ca82f874d6e68f32b12662bd48f16cd95dd088403cd80dd6c26ec48e001be37da60778308fe3ec8fc07c2ec9a
SHA1 hash: c1df956c33189dc4bf2b0fd8f3839b45c9e42aec
MD5 hash: 171ac2c100a210e8f1a5f234d90857fd
humanhash: grey-lake-item-enemy
File name:5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-15 23:19:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:tZQ/l6h1L3IARD83dSkFICdy20sFNbDmHZ31EylEgf9Z0tjKkWGInR+HlZzm56Mh:tZbL3hO4xn20ueeKL5UhulLhJ9FCe
Threatray 1'584 similar samples on MalwareBazaar
TLSH 9C3522D7F9BC8471CAED297F8993123C968A85E85D05D10B0778A5ADBDF3200FE9244B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-15 23:22:09 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lmvd2z7m5pm2el6hiuxqcittu7s62w3dgeewkbnkity2zbuwynpq._file
Verdict:
malicious
Similar samples:
02b6b1f134e188ec672b2fa5a4c7013b77aaf4474fd0f99d31162625a45a5289
QuakBot
063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa
QuakBot
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
QuakBot
63e634708c32b76a6f40c0ccb0b8fb59ecb4e42cbe1f89a2fa56ab41f16fa433
QuakBot
77e8872e2c9a68dceed90a1e59d2805019963759747a1134be407f5bc14ce28b
QuakBot
8d6d8351848925338ce65b442b5bc69872ee467c67e77692645549587eca04d7
QuakBot
9d37a0bbc963f04580d4bf12d15c0938f97a7bd299597c8852b818f519f2bac5
QuakBot
a401e9208a31cca327a31ee872a258b358dbd276304625e461d46f5c656d5723
QuakBot
a5ca536851022178f40b4690db0c5563020c8b6fcaa22f6c3abd876b72dbccfe
QuakBot
d8be99a67635ce711c3d165e4e5ad8aad798bc398c92f8be924b5dec534063f0
QuakBot
+ 1'574 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201115-pa5g7cwm1e/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f
MD5 hash:
171ac2c100a210e8f1a5f234d90857fd
SHA1 hash:
c1df956c33189dc4bf2b0fd8f3839b45c9e42aec
Link:
https://www.unpac.me/results/5d27912d-e8ef-471b-9185-adeed62844c7/
SH256 hash:
52967f6ba913e7e9d7e4d2fdfa5cae1b60c6eb7043c919f1cb37b44e9470a851
MD5 hash:
10f0b4055e20a263a0b027a3e681c810
SHA1 hash:
110a5bd1db6b78ee9c5ca0c2a74c6d8ee3da6c88
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/5d27912d-e8ef-471b-9185-adeed62844c7/
Parent samples :
acb1a2562d23cd06da04a144712d3a0fbe7a7c37cd7532a2f0986803e44554ce
b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1
056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b
063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa
5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f
SH256 hash:
b2c5e3c2a6a34c0887b8c29999612f9359181586fffaa3c4151d49ea646b7cfd
MD5 hash:
3420dc0e804228e89d8aa8abf7ede8cb
SHA1 hash:
b018d5120c5cc9a39e26f4246d142c4c5c391b4f
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/5d27912d-e8ef-471b-9185-adeed62844c7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
qbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments