MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70c7a48f3dfb41c0137b736bf5f3071bfd550eb8dee8fc6b3c5a075adbecbdbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 7



SHA256 hash: 70c7a48f3dfb41c0137b736bf5f3071bfd550eb8dee8fc6b3c5a075adbecbdbb
SHA3-384 hash: 4b85d1510a9fddc973c67195da7f6d8b83ef635b87a3a9b6486a08f094ebf623905244f953e97cda621b49d628056bfc
SHA1 hash: c14c9e2ad364ad62785facb624be795a593f698d
MD5 hash: 42b62f4ff20ab5a7eb4a3f0a3e34217b
humanhash: tennessee-jig-salami-artist
File name: 42b62f4ff20ab5a7eb4a3f0a3e34217b
Signature: Quakbot
File size: 1'093'600 bytes
First seen: 2020-09-08 16:16:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 1f3b26af0fab670562c30b76b3269a8b (1 x Quakbot)
ssdeep 12288:pR42+WEAUPxCYz4ioS5j8IipPkpS1JkG55dYpET/EW6h:XlcA+CYuWips2+GRYs/ED
TLSH 8B35F1FABB32C441C7901B3744B3466F9A26ACDC781CD00FE5863B2D6CF62D179A6589
Reporter lazyactivist192
Tags: abc001 exe Qakbot qbot Quakbot

Code Signing Certificate

Organisation: StarY Media Inc.
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: Sep 3 00:00:00 2020 GMT
Valid to: Sep 3 23:59:59 2021 GMT
Serial number: 3BCAED3EF678F2F9BF38D09E149B8D70
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: 45D598691E79BE3C47E1883D4B0E149C13A76932EA630BE429B0CFCCF3217BC2
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


lazyactivist192
Qbot abc001

Intelligence


File Origin
# of uploads: 1
# of downloads: 277
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Threat name: Win32.Trojan.QBot
Status: Malicious
First seen: 2020-09-08 16:18:06 UTC
File Type: PE (Exe)
Extracted files: 3
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
