MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 700d13ff3ec2ede508da06b9cad1f0fa209b2fcb3e0115433456064a3de484b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 700d13ff3ec2ede508da06b9cad1f0fa209b2fcb3e0115433456064a3de484b8
SHA3-384 hash: a250bd7864adf032a699d0b0eb7449e9db079cb21cf6b35228633850b91619ebd0a22d0de3b5529b8dd409f996c00377
SHA1 hash: 04f98f5563bc941ff1f2bdb190afb7abc9efd4fc
MD5 hash: 31c1cdce6c058c7c344c6572a4ee55ad
humanhash: ink-london-early-snake
File name:SecuriteInfo.com.Variant.Graftor.748998.27775.3910
Download: download sample
File size:585'216 bytes
First seen:2020-05-14 23:38:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 142c15080d5f93b34a1cd8f2db2ecc78 (8 x Quakbot)
ssdeep 6144:bmZ6yg6i1o2jYsDoEpjpo8Vkd8aTAPnUH1CmMQ4InobFr:bmZniK2Mu9Js8asPno1V4InobV
Threatray 421 similar samples on MalwareBazaar
TLSH 02C4DF41922F530DCED289B4F90DB781AE2D5D81623FCE533AE6BE1E2F328E43552915
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Graftor.748998.27775.3910.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Qakbot
Create hunting rule
Status:
Malicious
First seen:
2020-05-15 00:35:20 UTC
File Type:
PE (Exe)
Extracted files:
31
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0c63faba52a07b325662821bd818f9a2f86e927ee9563c86ee832cb133d431b6
1b9837894612fe0677486e6d2511db13dd52889a5c325ab62895916c8d839e2e
30294b7042b6e94b7ac7d2f6641b89017ace586f42143b3b61e4286e2c6e7af8
6833103ea9ce11c1a8deece38363ed984b60d736c9bf23f64fbb9ff9b8e6a8dc
7ec71cc6ad5841a4db6a15705ba7a68fc2c888426d3a0b56ac96f1c87bbdcdd9
9227048434aa9c943cce1d581e833a8c514f4e912722df425526673319de7317
b2935d876e7a339dcc29fb22cacd5052472a531b5d56f4c718ef70db298d9ef2
bf628980bb2c7ea76200a6eafd944db79f9aea0ac0bceeb3baef1e589ffc275d
da97d22eb7016e9daa46962d9c6eb47d9227ad534a996531b793cd00f71b36a0
f9fb6ebe75834c2f22cef8ae63a568a7e1ac7c94b18fa8441ff5fe03e4e45db9
+ 411 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-8xptfcpfv2/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments