MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ad806c00061733f75fbe6b53a598a505b4488265ebfdad71e9bdade87d8208f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 7



SHA256 hash: 8ad806c00061733f75fbe6b53a598a505b4488265ebfdad71e9bdade87d8208f
SHA3-384 hash: 2bb7a971b3f4cae336ee88107b89a094f4176db88cc69af09dd76ad61557e86e9c18d052a5360e2732c4f655ec9ca018
SHA1 hash: ad08d63dda127020b14710f98ac09c1cd962a0e3
MD5 hash: f922c0fe104d4b1fe24cd8fa90ed64c4
humanhash: river-indigo-high-kilo
File name: 8ad806c00061733f75fbe6b53a598a505b4488265ebfdad71e9bdade87d8208f
Signature: QuakBot
File size: 1'218'048 bytes
First seen: 2020-11-05 22:11:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: cca8d3f490bf0e00feae0568e0bcc049 (144 x Quakbot)
ssdeep: 6144:kywb1UklZzmm+a0rkG6LgwLUIW2KXPqD8Qz+Xu+iPQeARoLwl:yetmdvDk2UXPSj+XuJsPl
TLSH: 4245F142F2FCC4E6E5F919784667532C65189DA89B21C05B73AC6F6CBCF22117CB620B
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 52
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Sending a UDP request
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Threat name: Win32.Trojan.QBot
Status: Malicious
First seen: 2020-10-30 11:14:26 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: 8ad806c00061733f75fbe6b53a598a505b4488265ebfdad71e9bdade87d8208f
MD5 hash: f922c0fe104d4b1fe24cd8fa90ed64c4
SHA1 hash: ad08d63dda127020b14710f98ac09c1cd962a0e3

SHA256 hash: 004eddee71cc32695fe945ddc1947513c4df15a833e845e4a3a68ca0988eb9d0
MD5 hash: 8a111b494c34295fa8023ee99eba74e2
SHA1 hash: ec6676b93de59016c1cc800fa09f52b8829836f7
Detections: win_qakbot_auto
Parent samples:
SHA256 hash: 01f3e9d8ce217dcf49b71c1356a47edc47a079cdab62444bacde3a5dbb6ce5b4
MD5 hash: dc0cea461f9234b8519d20a4e65df27e
SHA1 hash: fa8fb20c98259eb66ee891ed8ceb59ee09e4f260
Detections: win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.