MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66581ef4403817dbb74f4eaa160d9b3dff00655688de916bdc9deba5bf32b555. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	66581ef4403817dbb74f4eaa160d9b3dff00655688de916bdc9deba5bf32b555
SHA3-384 hash:	6fa1ffa952ed60085a6dbaaf70c1c2c21721833f62ad8bb9643699a2271458fc50914d71db7fda5407fd3d82a6020cd1
SHA1 hash:	428de08f90036ff35acf3ca00179fd149a39d3b2
MD5 hash:	73b2d7e475f9209c2f52076831ed4fad
humanhash:	hydrogen-october-hydrogen-illinois
File name:	SecuriteInfo.com.Trojan.Inject3.37922.20057.28218
Download:	download sample
File size:	2'167'808 bytes
First seen:	2020-04-07 00:40:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	8d0f0930be45e07bd09e3da7526fd89b (5 x Quakbot)
ssdeep	6144:LZbXtDYkc4vQ85b7N00jtIU5+6v4lsusgHDJDp:LZbGkc4vxpN00ZIkfwlsql
Threatray	407 similar samples on MalwareBazaar
TLSH	40A5E0D2203DC8CAEC2F377974E0258598662D689EAC514A3B52C30D538FA964F5F37E
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.Qakbot-7684636-0

Win.Dropper.Qakbot-7684637-0

Gathering data

Threat name:

Win32.Trojan.Qbot

Status:

Malicious

First seen:

2020-04-07 01:35:23 UTC

File Type:

PE (Exe)

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

malicious

207e7e6a2bb5399d562ddfcf383eb176c867d11008e168ff1c9094d009bd3c76

3dcef5a915ec1ffbd1c4d568227c2426b242f4d06a8494d51b7aee0298fedf3b

61f0296f2490039cfcde87a8851e79c738a3ed7aa0516137fcd6cd5b78597abe

67a02f6f072e59f2ee3fe650a7c818824187f1cece0a11c4cbd965accba981d0

6db8186bb85e3dd446d86408b81725e268f375a06c49fcece7ddfb67171bceca

8d46e2e8a6a55f0dc7a31d3c93d8d4087b83c228ced43347195a406a6c961898

90e9c74f78bb70df8cdb84b78e24d997eba83e74fefc04833e14e17b4add10ca

a0ae46501708028403a8d6a9ffdb2dd31015a22b2703d2305f25df73b3f732ca

ea4dcaac0b61ec7f40c3695c285e799aacefd8c825e8b119e64a268af7d7c4c7

+ 397 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
COM_BASE_API	Can Download & Execute components	ole32.dll::CLSIDFromProgID ole32.dll::CoFreeUnusedLibraries
SECURITY_BASE_API	Uses Security Base API	ADVAPI32.dll::GetTokenInformation
SHELL_API	Manipulates System Shell	SHELL32.dll::ShellExecuteW SHELL32.dll::SHFileOperationW SHELL32.dll::SHInvokePrinterCommandW
WIN32_PROCESS_API	Can Create Process and Threads	SHELL32.dll::SHCreateProcessAsUserW KERNEL32.dll::OpenProcess KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetVolumeInformationW KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::FillConsoleOutputAttribute KERNEL32.dll::WriteConsoleInputW KERNEL32.dll::WriteConsoleA KERNEL32.dll::WriteConsoleW KERNEL32.dll::FreeConsole KERNEL32.dll::ReadConsoleA
WIN_BASE_IO_API	Can Create Files	SHELL32.dll::SHCreateDirectoryExW KERNEL32.dll::CreateFileA KERNEL32.dll::CreateFileW KERNEL32.dll::DeleteFileW KERNEL32.dll::GetFileAttributesW KERNEL32.dll::FindFirstFileW
WIN_CRYPT_API	Uses Windows Crypt API	ADVAPI32.dll::CryptAcquireContextW ADVAPI32.dll::CryptCreateHash ADVAPI32.dll::CryptGetHashParam ADVAPI32.dll::CryptHashData
WIN_REG_API	Can Manipulate Windows Registry	ADVAPI32.dll::RegCreateKeyExW ADVAPI32.dll::RegDeleteKeyW ADVAPI32.dll::RegOpenKeyA ADVAPI32.dll::RegOpenKeyW ADVAPI32.dll::RegOpenKeyExW ADVAPI32.dll::RegQueryValueExA ADVAPI32.dll::RegQueryValueW ADVAPI32.dll::RegQueryValueExW
WIN_USER_API	Performs GUI Actions	USER32.dll::AppendMenuW USER32.dll::CloseDesktop USER32.dll::FindWindowW USER32.dll::FindWindowExA USER32.dll::PeekMessageW USER32.dll::CreateWindowExW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample