MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c622a97fff3ca6668bef65dcbb0798c9e933317424f10d0f20b21b86f20d89c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c622a97fff3ca6668bef65dcbb0798c9e933317424f10d0f20b21b86f20d89c
SHA3-384 hash: 116af93a79ab33bddd19fa7c85d7acdc20dcc0a163a1e5a4bee5e660372424289513e3d6ccad3a25a92fe6322ea632dd
SHA1 hash: ad98db6cef01a354d8380e26c3b2f0ef52f98948
MD5 hash: 2008c7d12ad955356a1e4404dc877274
humanhash: whiskey-whiskey-two-johnny
File name:SecuriteInfo.com.Mal.EncPk-APV.21419.16422
Download: download sample
File size:573'968 bytes
First seen:2020-08-04 23:30:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab3ea6147cf30c3045e45f2bd2d3ac0e (8 x Quakbot)
ssdeep 12288:BtEMUvHKtJ+X6tkXbcv289AqTVc2xrWycJI:XEEtJqw+89AUVcarWysI
Threatray 409 similar samples on MalwareBazaar
TLSH 2AC4E0147E311EF3D42209735DB3D231EA9D1C28669684002FB4F66E3B36EAA5BC7D91
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Mal.EncPk-APV.21419.16422.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/410038
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c622a97fff3ca6668bef65dcbb0798c9e933317424f10d0f20b21b86f20d89c/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 23:32:06 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00b6ac9409a35efd54cd1cfeade841d0be7f223364c0ae16ef2188bf06a4bb15
09c69b44ebee61c28b98a3d0df77fd22026da5a355e851f95164797537703521
2794656a18cb7899441cf3ed7678b282fc49a736b0dac62e304f185a13d3fe3e
39093e13c719696d510f790d601e904f7bdefa23f5bf1840bcd89496d972a4fc
3cd034c889355d26c1d1b07ef9dedfb57bc4842bdc083fc5d9fc165d27b49319
652bb2096d56a3b060aa8647c7e5df367df5e126e88fc563ae79019ea430310e
6776f02bc6b2e01ae7e68d89438cc4f96d8cbb5b8268583a02f1c959ff5c330e
a5a2de145e0dd369a8e1059d3530d89a366b494c8c1246f454f0b7eed6cfef82
b2e312a2690d59a2c3ad0520e0e60dd046fc66e039a0c24baf349e959e87b006
d26f7e7cee5db195c9509b1d5824b03e3fd74fa60b164a96be20300597d51c7e
+ 399 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200804-5gl9t7mxvj/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Runs ping.exe
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8c622a97fff3ca6668bef65dcbb0798c9e933317424f10d0f20b21b86f20d89c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/38926/

Comments