MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a42a0b4af3d8b614fd72685b2499ad686c32a881bf988ee111e0a3b2b19ebcd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a42a0b4af3d8b614fd72685b2499ad686c32a881bf988ee111e0a3b2b19ebcd5
SHA3-384 hash: 57ca5feb1059bafe6eefeacb686533c844d6ece10646e0d681d285d67afc49c8001e719c8fbe6e6b6e6967f4c0ef560d
SHA1 hash: 2aba2f86cb2c42d9027cbde3bf82c1a7a6d83906
MD5 hash: 4927f738b3a5003b73fd6654f1dc4bdc
humanhash: fish-shade-enemy-oranges
File name:SecuriteInfo.com.Trojan.Inject3.39661.6798.7247
Download: download sample
Signature Quakbot
Create hunting rule
File size:2'093'568 bytes
First seen:2020-05-07 22:37:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9682eab8b5bf2987119d6d40fd971332 (7 x Quakbot)
ssdeep 6144:Q77TbPD1Dj5YOQF2qTdGJ5zD7TZo6x87KT8Hb79lorfhrYD1rS:Q77HP5Djd+TOzD7dxI9s
Threatray 418 similar samples on MalwareBazaar
TLSH 10A58C113DA8E515C45A163BE952C6181E687C1BA9E4450A32B3333DFA3FF27D89CB36
Reporter SecuriteInfoCom
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.39661.6798.7247.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Qbot
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 23:35:23 UTC
File Type:
PE (Exe)
Extracted files:
81
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uqvawsxt3c3bj7lsnbnsjgnnnbwdfkebx6mi5yir4cr3fmm6xtkq._file
Verdict:
malicious
Similar samples:
1b9837894612fe0677486e6d2511db13dd52889a5c325ab62895916c8d839e2e
Quakbot
256198016ae5ea450648d8a8786820e44099a79e967d8a7d0bbf92381084ec93
Quakbot
30294b7042b6e94b7ac7d2f6641b89017ace586f42143b3b61e4286e2c6e7af8
Quakbot
6833103ea9ce11c1a8deece38363ed984b60d736c9bf23f64fbb9ff9b8e6a8dc
Quakbot
7ec71cc6ad5841a4db6a15705ba7a68fc2c888426d3a0b56ac96f1c87bbdcdd9
Quakbot
b2935d876e7a339dcc29fb22cacd5052472a531b5d56f4c718ef70db298d9ef2
Quakbot
bf628980bb2c7ea76200a6eafd944db79f9aea0ac0bceeb3baef1e589ffc275d
Quakbot
da97d22eb7016e9daa46962d9c6eb47d9227ad534a996531b793cd00f71b36a0
Quakbot
ebc49ac3e4f825e8ee294468f9e4c82fd1684844190b0dd1405cb0eb2782b227
Quakbot
f9fb6ebe75834c2f22cef8ae63a568a7e1ac7c94b18fa8441ff5fe03e4e45db9
Quakbot
+ 408 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201109-wpbt61glsn/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments