MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 674c204e1c5d02db45a5d9b434042b17829fadfb5a91a97dee442fd00d56c34c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 7



SHA256 hash: 674c204e1c5d02db45a5d9b434042b17829fadfb5a91a97dee442fd00d56c34c
SHA3-384 hash: 3be9cb16ed58dbd90647e487695fe564a101e87f08800b9c62e47da02151285fa3b01b9d0f794b91623c1a4f8b282782
SHA1 hash: 826dbb52bfc9c1a593407862d06085eb4dce5e2c
MD5 hash: 56096840a5ed8ea731463df79f00cfeb
humanhash: texas-maine-glucose-maine
File name: 928a25c22895bdaac6c20d31191a40b1
Signature: QuakBot
File size: 258'576 bytes
First seen: 2020-11-17 12:38:36 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 303f89b8f429d52fa9a67ddad2dbfa52 (160 x QuakBot)
ssdeep: 6144:6dtJ9rtpMBa72/oytPqb+z0qLivK7WzR7mMFT:6d1rMBgkoytF0qLGK70RJ
Threatray: 1'742 similar samples on MalwareBazaar
TLSH: C944E1C1A7E80184F6EBA1B74477C3103A127C9DA93D9B7F1AF5B1EC2931A219D2871D
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process from a recently created file
Launching a process
Creating a window
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Unauthorized injection to a system process
Enabling autorun by creating a file
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-17 12:44:12 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Qakbot/Qbot
Unpacked files
SHA256 hash: 674c204e1c5d02db45a5d9b434042b17829fadfb5a91a97dee442fd00d56c34c
MD5 hash: 56096840a5ed8ea731463df79f00cfeb
SHA1 hash: 826dbb52bfc9c1a593407862d06085eb4dce5e2c
SHA256 hash: 2607438537b148f1907f33cb8eb788d7d380457273ac8bce24235d9a11177af3
MD5 hash: 0dfd5d078810a3a2a5bfc4ffd23989ca
SHA1 hash: 5e7b52d99c3a9d2ef75e2ae4ea47542740dc7920
Detections: win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
