MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad
SHA3-384 hash: b6eb3875455fdccaa278fa97231e9f995d2d311b7c33b2cd66da5201b4f8f41250d664b1018a89052bc66a06ba80d105
SHA1 hash: ee433e863f4fcfae4b4a724770f449c6d84557c8
MD5 hash: 6dd67eddbf99672e0b741907f39c3285
humanhash: harry-kansas-spaghetti-wisconsin
File name:670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad
Download: download sample
Signature QuakBot
Create hunting rule
File size:258'576 bytes
First seen:2020-11-13 15:39:56 UTC
Last seen:2024-07-24 15:15:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 303f89b8f429d52fa9a67ddad2dbfa52 (160 x QuakBot)
ssdeep 6144:6dtJ9rtpMBa72/oytPqb+z0qLivK7WzR7mM6B:6d1rMBgkoytF0qLGK70Ry
Threatray 1'306 similar samples on MalwareBazaar
TLSH 5444E0C1A7E80184F6EBA2B74477C3103A127C9DA93D9B7F19F5B1EC2934A219D2871D
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.QakBot.11.11733.4101.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-13 15:43:52 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m4cwd376czys7es6h3zmfkahaigi2srcpvjaafxpamehkaxqg2wq._file
Verdict:
malicious
Similar samples:
26a9b67b001c7839f501a44b99004ea3896bf36e2ee1dc5e67616884a3d4a742
QuakBot
3ad143fe091e2398207ac89ed82cc31f5bee574def93abd938e001b35898fbbc
QuakBot
4dda5ae8bfb21fa3c19b99e9164dc66030fc91c6b989f39404fd25fd48f15959
QuakBot
67506d9141b18c0878e73fe9bc13f6bdaf5415c31cd270e61656f8101d77ca4e
QuakBot
773d5944669d57a3f4c6efd3532711ee3f580a952915a1f4edd968e4a011bd93
QuakBot
9f90bdf9ba391e45d111d84c6f59f074410928c306feef877ee9e1a2e0668f16
QuakBot
b8c5c616fe5b05a907c6351c9799b7bfd59fa84553be40bd89f8322d0d5dc30e
QuakBot
d1bb3f027353c0a0714df4f1078d9cd0682c81e7bb27aa9e60abf04c3ea5059b
QuakBot
de11cf6bbb6e3b9150d63c126ecd46e82f8801d37b2e46bbdbf33729b8ae0203
QuakBot
e55c191f081d06d46846f73db4d847c3a08da2a517b70ee119f2586c308ebd1d
QuakBot
+ 1'296 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201113-zt4q7jexxs/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad
MD5 hash:
6dd67eddbf99672e0b741907f39c3285
SHA1 hash:
ee433e863f4fcfae4b4a724770f449c6d84557c8
Link:
https://www.unpac.me/results/8189def5-fa45-4e21-9a13-4af7cd840f25/
SH256 hash:
ba89eeda5a611d5c1367db832da4bad0ba5b034ebd5f9ee886faa336fc346dfe
MD5 hash:
6ba63ed754124d794493cf4b0d80a4ac
SHA1 hash:
c1339862f2c45c44ff26f1ee6090791c7051291d
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/8189def5-fa45-4e21-9a13-4af7cd840f25/
SH256 hash:
99ea9ddde1f4179037aaf948b0920f6ae80e1e4c738053ebde9be3283c9430de
MD5 hash:
1401d43f02aa09c746340ef704deb891
SHA1 hash:
f60460fbd3358a8a95b39f03919afa389a796d85
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/8189def5-fa45-4e21-9a13-4af7cd840f25/
Parent samples :
2450297d7ef66a5573ab6450aa5578f7e4c293b809f02cdac7126ad55f0e8549
768cce865f75b519643028d50bcbd2927bd64f8b1fe112faaa8a8f4d39408c2d
03f3d80c2d66e09f1ac8196deed5cec1fe1a9f3501ba3fb48ba2d2820b7f97f2
1b8fe9bfaa3f6ab8be12321c2198bb3ca39c6da867dbb503f5a1a3433d099d05
670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad
4691eecceb853d64d7f30e0e901a9df4f385eaca43c5c441dd7100298fbdca71
674c204e1c5d02db45a5d9b434042b17829fadfb5a91a97dee442fd00d56c34c
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
qbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments