MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161
SHA3-384 hash: 5034b2d6e41496b7bfb60b600c4e920f8bda7ff1d75993d1eb52436e38f24006112d2c29b2094288544605fa5ab0d7d0
SHA1 hash: 3488cce807caa52b9300bb481899276dbf002047
MD5 hash: a7811d2f36cdb4ce50963e9274003b76
humanhash: nine-eleven-white-lima
File name:7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'226'240 bytes
First seen:2020-11-12 14:19:15 UTC
Last seen:2024-07-24 16:38:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 65b7e4d2b8f7b3cf1dfc4bed557e0068 (13 x Quakbot)
ssdeep 6144:VyH8W3oZY76DEoS5rYU/LPlbuo2YILNkFVZ5VfUllOp2n2FxHot1WL+Lwb5tJR7:KD6AoS5EU/Lp56kBgXOInmNouL+Lwb55
Threatray 1'249 similar samples on MalwareBazaar
TLSH 6245D10DB737C000D3A62FF605920B98E66FA8E93B2091075BDA670D3DF93E57867685
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 14:22:11 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pufpmtrq5gnbp5xb3vvglxr3duo6kksjjjfj74geqd2b5bjsafqq._file
Verdict:
malicious
Similar samples:
0652d513a2c43aaabbb806eeda3e035aa3b12449a718610d42453896d9f97751
QuakBot
7476a5253dd78e85669926b4465ccb7d64ad152f49c070f5e897d84d402c3364
QuakBot
9adfaa5b63a6a5456740d383e463055f47b796114675f0912e185638ad135d4a
QuakBot
a1a609c00c3504343f05c5fe6d6353ec177b06551efaf44c4d69e316718dc03e
QuakBot
b78c608b6efdbcab010375b990d029eefd2aa139b5796cd5b10adf50a8e48ec3
QuakBot
c118e4088bc5aaffebe7208df9f01da9d70ba625ba020c593723495c0954a203
QuakBot
c641c51101e0203a2a781f0d6f9dabbb664d4d80f10f1950b7c7fe1b602e8886
QuakBot
d2bbc92742ea68a752b3f0ebb15bcb9eeb9b793643b6f55f82c8f21f8654c70d
QuakBot
f0f993925f000b7bd91578d59bc3731247e7122f81e4439347bc145f2dfb1215
QuakBot
fb06ebc9ddde4c52a9264c9097529658d80d280d2cc19fc7ed8c9f6a0bd69bb8
QuakBot
+ 1'239 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201112-3cmd658yne/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161
MD5 hash:
a7811d2f36cdb4ce50963e9274003b76
SHA1 hash:
3488cce807caa52b9300bb481899276dbf002047
Link:
https://www.unpac.me/results/828d8d4c-ce3d-48a8-82a7-8ddc4023d6b6/
SH256 hash:
5cbd3e7016d9bc402f7d8112ed442b4137f50c46f2acdede258c13f448ac656f
MD5 hash:
9573bb535a0efa2a65cd65fbeec23229
SHA1 hash:
a383dbc56bf82518aeb5dfb94c3022f5c2ee41e6
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/828d8d4c-ce3d-48a8-82a7-8ddc4023d6b6/
Parent samples :
8f34f7308bcf431f2e8cb0b609decc1d59a01283a2e63c423337a8df158352fe
31f3cd8583668c63677e4c201f4648df7d57c0f80159c339e00751a75cf32aad
648433c9260784d21960fad81af3736fb033cfa0e7fb0f55c0404a9ffeb16b9e
7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161
dfae1e916e03a97ddcd5a110077f2f7da196ed7999e1172194681f096bdd2bcf
246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2
b38e8bdea0d0e04a13e3102438f8a68aba9490a4ab633ef93a44c936cbad8e72
SH256 hash:
92b68234c2e2a30ec923a211ddc3ca9753a5d0dc80fac2e3454e2a7822b1ae00
MD5 hash:
570873e3733b6c6c0e8ecbfcced2fc21
SHA1 hash:
84e412630fa506b4b50a27ff568ff177799b9439
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/828d8d4c-ce3d-48a8-82a7-8ddc4023d6b6/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments