MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63e634708c32b76a6f40c0ccb0b8fb59ecb4e42cbe1f89a2fa56ab41f16fa433. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 63e634708c32b76a6f40c0ccb0b8fb59ecb4e42cbe1f89a2fa56ab41f16fa433
SHA3-384 hash: c20cdb5b4357af60aea6fbf09541f12fea9dfc9a3b39c58c0046e0a31ed539610d5c1819a9fed12c2f145c1db835752d
SHA1 hash: 9a73f69aaa29bdb2ffa60497dd1e4f85e56c7aa4
MD5 hash: 842a0b8fecbcf702688bc29723127707
humanhash: ohio-michigan-bravo-freddie
File name:63e634708c32b76a6f40c0ccb0b8fb59ecb4e42cbe1f89a2fa56ab41f16fa433
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-13 15:25:03 UTC
Last seen:2024-07-24 15:08:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:rRq/w/nU4vrIeRD83dMkFICdy20svNbDlgZ31EylEgflJMtjKkJGInR+HlZzmV6s:rRDHvrvOaxn20e62KYVUhulLhJ9FCe
Threatray 1'347 similar samples on MalwareBazaar
TLSH D43522D7F9BC8471CAED297F8993123C968A84E85D05D10B0778A5ADBDF3200FE9244B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
53
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.14067.10841.24455.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/63e634708c32b76a6f40c0ccb0b8fb59ecb4e42cbe1f89a2fa56ab41f16fa433/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-13 15:28:15 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mptdi4emgk3wu32aydglboh3lhwljzbmxypytix2k2vud4lpuqzq._file
Verdict:
malicious
Similar samples:
02b6b1f134e188ec672b2fa5a4c7013b77aaf4474fd0f99d31162625a45a5289
QuakBot
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
QuakBot
18a52a088f46ae8a4dbfc27760bdb3e22dda61ed353c8b8ff3dc16aaa1df4c43
QuakBot
36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec
QuakBot
77e8872e2c9a68dceed90a1e59d2805019963759747a1134be407f5bc14ce28b
QuakBot
8d6d8351848925338ce65b442b5bc69872ee467c67e77692645549587eca04d7
QuakBot
9d37a0bbc963f04580d4bf12d15c0938f97a7bd299597c8852b818f519f2bac5
QuakBot
a5ca536851022178f40b4690db0c5563020c8b6fcaa22f6c3abd876b72dbccfe
QuakBot
b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1
QuakBot
e623ccc3e7951238e956cd57702bc2375b0649d5d550fb4ad29e24f6b9323adf
QuakBot
+ 1'337 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201113-fsffs8tj86/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
63e634708c32b76a6f40c0ccb0b8fb59ecb4e42cbe1f89a2fa56ab41f16fa433
MD5 hash:
842a0b8fecbcf702688bc29723127707
SHA1 hash:
9a73f69aaa29bdb2ffa60497dd1e4f85e56c7aa4
Link:
https://www.unpac.me/results/b229cd3f-99d9-459a-93df-248aad2a6e85/
SH256 hash:
e068823985f4c78c6374ca36e1d6e1f3c15d0492d7b78297220e6d2ecea11301
MD5 hash:
d40584d124a0b077ebb260b3b110c454
SHA1 hash:
4de5ea2801bbb8a8e60e042e173f34bfab9d6560
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/b229cd3f-99d9-459a-93df-248aad2a6e85/
Parent samples :
02b6b1f134e188ec672b2fa5a4c7013b77aaf4474fd0f99d31162625a45a5289
63e634708c32b76a6f40c0ccb0b8fb59ecb4e42cbe1f89a2fa56ab41f16fa433
SH256 hash:
8924a0fcab9816f71a68503a83641e95dba838e83e372d1cf3cbac23657aaeb2
MD5 hash:
50f395443140ef3af3815d2bd6ced1d7
SHA1 hash:
7067ea85e446997b893d0443839785d5cfbe615e
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/b229cd3f-99d9-459a-93df-248aad2a6e85/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments