MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ca8c7e8acaec97b05aa175a11e2e474621706a320eca4b1b0096d6a150c162c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 8



SHA256 hash: 6ca8c7e8acaec97b05aa175a11e2e474621706a320eca4b1b0096d6a150c162c
SHA3-384 hash: 6edeba6d7dc5a09ad7be3881d497b1d9f4f858a996939d2980d33b68819cc72bd51c70fa78fad55c3d28ee18b2a23f72
SHA1 hash: 84bf3b6cbfb862946a0afc7613cd5a9f96eb650e
MD5 hash: 21494f5e3d02e15bdcc09f5777520d71
humanhash: hawaii-maine-arkansas-nitrogen
File name: 6ca8c7e8acaec97b05aa175a11e2e474621706a320eca4b1b0096d6a150c162c
Signature: QuakBot
File size: 271'872 bytes
First seen: 2020-11-10 10:55:14 UTC
Last seen: 2024-07-24 15:30:56 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 015974618e9105226f001019d35e62e5 (1'506 x Quakbot)
ssdeep: 6144:DLfhdM/bXZswyIyO6t0nh7lqoDKOAP4PshaoI:nvKbXWNmVHelmEaoI
Threatray: 976 similar samples on MalwareBazaar
TLSH: 2444F12324759436F81607F68DA6D2B10D6E7868AA3145CF3FC85348072E9B28F777DA
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.PinkSbot
Status: Malicious
First seen: 2020-11-10 10:57:02 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: 6ca8c7e8acaec97b05aa175a11e2e474621706a320eca4b1b0096d6a150c162c
MD5 hash: 21494f5e3d02e15bdcc09f5777520d71
SHA1 hash: 84bf3b6cbfb862946a0afc7613cd5a9f96eb650e
SHA256 hash: f62038ddf7fc42ba4c744138d9c2ed772cd91824bff49a578d9a52f1d995c2eb
MD5 hash: aa68778bcc5f584063994a83e50a86d4
SHA1 hash: 0630d490d74da04b68328187d398107a38627f9a
Detections: win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
