MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab934f3725ad166b116da19a3f8d2215e0511f41efe1eff17d6cc30c5258726a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 8



SHA256 hash: ab934f3725ad166b116da19a3f8d2215e0511f41efe1eff17d6cc30c5258726a
SHA3-384 hash: e2d61ab141257be0eef325be8cf87ed4eda37057fb5b0abc6f5a249d989eefe5165d61c8766b3ea09a8c09ad52e10b8b
SHA1 hash: 19aa39286f4cff247e592c01c8991c485f7fe9b2
MD5 hash: 573796cc447144d98ecb0f8e10a61e7a
humanhash: quebec-seven-zulu-social
File name: ab934f3725ad166b116da19a3f8d2215e0511f41efe1eff17d6cc30c5258726a
Signature: QuakBot
File size: 3'679'184 bytes
First seen: 2020-11-06 11:23:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 69130f777fe76a2bf8f47f76eeade0ad (14 x QuakBot)
ssdeep: 6144:SLeKM/GlkobrHZ3FWO8QSfZQBeCAm7hUsetSyc2SY:SLQon53FWO8QLeOscTY
Threatray: 777 similar samples on MalwareBazaar
TLSH: 4E06AC61B87640B4FC6D38BEE090587A611A9D054FF2C926622378F9EDF7C8861F748D
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 51
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-10-26 12:00:17 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash:
04b580a004ab9fce16d8ab3a9ac8ca293911382ffd86eb62a53f9f573a4991f7
MD5 hash:
187ae986680af35f62b5590cdadba40a
SHA1 hash:
b11707ca8525e9e8691288220360ae0f86877586
Detections:
win_qakbot_g0 win_qakbot_auto
SHA256 hash:
ad8546d0f2c6ad8baf1a2ab56a241b1b1895e3a600c0f87fd02571cc5af1df66
MD5 hash:
0e1f3cb5475340570b9754c02ccd8810
SHA1 hash:
beb9c3c599381b044c70385d04e2e34ccbc232a4
Detections:
win_qakbot_auto
SHA256 hash:
ab934f3725ad166b116da19a3f8d2215e0511f41efe1eff17d6cc30c5258726a
MD5 hash:
573796cc447144d98ecb0f8e10a61e7a
SHA1 hash:
19aa39286f4cff247e592c01c8991c485f7fe9b2
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
