MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 768cce865f75b519643028d50bcbd2927bd64f8b1fe112faaa8a8f4d39408c2d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 768cce865f75b519643028d50bcbd2927bd64f8b1fe112faaa8a8f4d39408c2d
SHA3-384 hash: 7ee0b453bb1e7fe6cb8f76a47f83a626c16d442c098781ad33014dfbe7876317327aa922e103fe32f537924745783dc5
SHA1 hash: 0e1db386f52a2aa0e3a854da1add494bd27bf930
MD5 hash: e9201f5bcf6904900ca5af74003e87c3
humanhash: don-cold-magazine-edward
File name:768cce865f75b519643028d50bcbd2927bd64f8b1fe112faaa8a8f4d39408c2d
Download: download sample
Signature QuakBot
Create hunting rule
File size:258'576 bytes
First seen:2020-11-07 17:13:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 303f89b8f429d52fa9a67ddad2dbfa52 (160 x QuakBot)
ssdeep 6144:6dtJ9rtpMBa72/oytPqb+z0qLivK7WzR7mMLI:6d1rMBgkoytF0qLGK70R0
TLSH 0944E0C1A7E84184F6EBA2774477C3103A127C5DA93EAB7F19F1B0DC2934A229D2871D
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.QakBot.11.11733.4101.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/768cce865f75b519643028d50bcbd2927bd64f8b1fe112faaa8a8f4d39408c2d/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 17:16:48 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o2gm5bs7ow2rszbqfdkqxs6ssj55mt4ld7qrf6vkrkhu2okarqwq._file
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201108-wa3h262zta/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
768cce865f75b519643028d50bcbd2927bd64f8b1fe112faaa8a8f4d39408c2d
MD5 hash:
e9201f5bcf6904900ca5af74003e87c3
SHA1 hash:
0e1db386f52a2aa0e3a854da1add494bd27bf930
Link:
https://www.unpac.me/results/470f321a-b81c-45a2-b5a7-7b308861be38/
SH256 hash:
2d72ec8e3dc88fa79cd3f03b5b2a0bc72fc7b1d7bb73f53c9355d3dd47ada026
MD5 hash:
68fd29c9dad653a573d1edac95c01a26
SHA1 hash:
782a6790647ea72f3c5759bfda0ea5c929175266
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/470f321a-b81c-45a2-b5a7-7b308861be38/
SH256 hash:
99ea9ddde1f4179037aaf948b0920f6ae80e1e4c738053ebde9be3283c9430de
MD5 hash:
1401d43f02aa09c746340ef704deb891
SHA1 hash:
f60460fbd3358a8a95b39f03919afa389a796d85
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/470f321a-b81c-45a2-b5a7-7b308861be38/
Parent samples :
2450297d7ef66a5573ab6450aa5578f7e4c293b809f02cdac7126ad55f0e8549
768cce865f75b519643028d50bcbd2927bd64f8b1fe112faaa8a8f4d39408c2d
03f3d80c2d66e09f1ac8196deed5cec1fe1a9f3501ba3fb48ba2d2820b7f97f2
1b8fe9bfaa3f6ab8be12321c2198bb3ca39c6da867dbb503f5a1a3433d099d05
670561effe16712f925e3ef2c2a807020c8d4a227d520016ef03087502f036ad
4691eecceb853d64d7f30e0e901a9df4f385eaca43c5c441dd7100298fbdca71
674c204e1c5d02db45a5d9b434042b17829fadfb5a91a97dee442fd00d56c34c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments