MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 740e9e6deff4dc4bfb8a24bd3c945c3f7ffea5d54ebb7e102e6ea099470544ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 740e9e6deff4dc4bfb8a24bd3c945c3f7ffea5d54ebb7e102e6ea099470544ae
SHA3-384 hash: b4e94c9217b5469a9dedd7c52cf5f2f6ed02af6c7b2588e296ce8444b9ab3b9b544fa12206cdfa52ef389c6c55ee2459
SHA1 hash: 01870864ef3e62d195106e9cafaf748daabd792c
MD5 hash: c48268c57f19a210ced58b7194186fd0
humanhash: angel-cat-jig-speaker
File name: 740e9e6deff4dc4bfb8a24bd3c945c3f7ffea5d54ebb7e102e6ea099470544ae
File size: 247'296 bytes
First seen: 2020-11-07 17:02:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6f852fb7910bbadef3a5dbc2273a0898 (2 x Quakbot)
ssdeep: 6144:XdtJ9rtpMBa7CSqNF2+Nlu/of4jHwr68M:Xd1rMBgCSqY+Nloof4Hw2
Threatray: 790 similar samples on MalwareBazaar
TLSH: B234F0D2A2D48140F6F766360237C7483B56BE5C993DA27F257172DEA931A823D3831E
Reporter: seifreed

Intelligence


File Origin
# of uploads :
1
# of downloads :
51
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Deleting a recently created file
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Trojan.MintZamg
Status:
Malicious
First seen:
2020-11-07 17:06:22 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash:
740e9e6deff4dc4bfb8a24bd3c945c3f7ffea5d54ebb7e102e6ea099470544ae
MD5 hash:
c48268c57f19a210ced58b7194186fd0
SHA1 hash:
01870864ef3e62d195106e9cafaf748daabd792c
SHA256 hash:
59afb82e9aab50f715e8735f09aecb1621f2043f6a5b4243b1ccade07380a29c
MD5 hash:
289065e619de63a8f21d7d5241d6ee8b
SHA1 hash:
025c3e3a8693b359526d0789288fab935a5cff2b
Detections:
win_qakbot_g0 win_qakbot_auto
SHA256 hash:
48cfc44c4abb999b0a945919f4c15ccba517693222891915bb035872bfaca42b
MD5 hash:
7cc344fcebc1e014f89a2b7c9576bfd7
SHA1 hash:
5f7768c8f54a1ab5a4bfbda4c79bfa87beba6bd3
Detections:
win_qakbot_auto
Parent samples :
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
