MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9270606fa398d1e8bf5791696c7d83ec91732565b04521249f6b625af4ecd8d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9270606fa398d1e8bf5791696c7d83ec91732565b04521249f6b625af4ecd8d2
SHA3-384 hash: 07043eba211ec6de7f9b783434322ed5a7691ea64a9303fc1aa7f6345a212d49c4e749e42ba169225d317d3e8adcd3b7
SHA1 hash: 58fe568c8a631d715da9515008cf91eeff4aae57
MD5 hash: e407da31ff22f4de4f6dd26338b1e6f2
humanhash: violet-jupiter-gee-thirteen
File name:9270606fa398d1e8bf5791696c7d83ec91732565b04521249f6b625af4ecd8d2
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-05 23:14:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:KRawthaHqZIMRD83d5kFICdy2cs1NbDEWZ31EylEgf9RItjKkuGInR+HlZzmr6Mh:KR2qZtOzxn2cZ+aKTrUhulLhJ9FCe
TLSH D43512D7F9BC8471CAED287F89A3523C968589E85D05D10B073869BDBDF3200BE9644B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
51
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13628.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Sending a UDP request
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9270606fa398d1e8bf5791696c7d83ec91732565b04521249f6b625af4ecd8d2/
Threat name:
Win32.Trojan.PinkSbot
Create hunting rule
Status:
Malicious
First seen:
2020-10-30 10:43:54 UTC
AV detection:
35 of 48 (72.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sjyga35dtdi6rp2xsfuwy7md5sixgjlfwbcscje7nnrfv5hm3dja._file
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201106-6wnw5ps5gs/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/697985/

Comments