MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b09800a47c1d63e0eed290aaa4ee33d5e426ee475b8574e6b73aac41b62a9d8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b09800a47c1d63e0eed290aaa4ee33d5e426ee475b8574e6b73aac41b62a9d8f
SHA3-384 hash: 95015ccf3d655a05b8c66402ea23e80a39d9c0dd7b0fefee4e22f3303a48cffde5c6ac571d91b4d84244e1c46c9badd7
SHA1 hash: b56f3aafc6a8215b188c56103e3d4b2575e7e85f
MD5 hash: 8ecf16bcc46691cf4caf8a78329ad629
humanhash: jupiter-oxygen-coffee-video
File name:62e2caea86b4c6953ac747680bd18049
Download: download sample
Signature QuakBot
Create hunting rule
File size:357'336 bytes
First seen:2020-11-17 11:57:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 31c1fbf2072b4f50b46f7981d9d104e9 (77 x Quakbot)
ssdeep 6144:uks86UY9Pnx5aQULfR4HipJGQs0ltFZEHOW9Pnz1UVQo7E/MWFeZi/m6hC:uVjL9PnaQUjKKFBlDZEHOGhwQo7E/mZ9
Threatray 1'750 similar samples on MalwareBazaar
TLSH 4374D06FDB2B8850E2713FF745C64BE84EB7B8953121970A4DC1661A2CED3D43D22B98
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Wacatac-9791842-0
Create hunting rule

Win.Malware.Generickdz-9792157-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Launching a process
Unauthorized injection to a system process
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b09800a47c1d63e0eed290aaa4ee33d5e426ee475b8574e6b73aac41b62a9d8f/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:00:56 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wcmabjd4dvr6b3wsscvkj3rt2xscn3shlocxjzvxhkwednrktwhq._file
Verdict:
malicious
Similar samples:
1620749c2e2d50aa0412c42c1f2e93f4899a7aa5b846f67dfcf267eaa89aca6a
QuakBot
29fb0f30a7a72018cf791a5b659c4b69014f050239f8ec4199768935f3bc2a5d
QuakBot
37e78416999a22c5ab00c8ba6f18a1a104f3176bfe426d06188cc05295894dd9
QuakBot
3c1dc925777a32bfeb6d2164cf0f960243dd06824f8892a76f9f9f93a2ded0a5
QuakBot
7e5c808f18e071c4cbe25e0fcda79098c1d187dc714dc113fabf58c53ec26e10
QuakBot
84ea1d6f703308173be45c49a453bcb111b0083ca89e63bada6d860898b23231
QuakBot
a3bdfd76ef74a28ce0dd8b7fdf2e86f911b329dbcc2b543d09a813e246958407
QuakBot
c0270389df3bb82bb226f9922343cda31f1316abddb18d45d022cd86e413a18f
QuakBot
d4a08401ea545127d91d808de0c006f1771a98d1e9ecc1f83e3c802e9543a7b3
QuakBot
d81f6dd986f5cb5882809c619096399d324bc51b20332392c2a23cb4bb0ef8a1
QuakBot
+ 1'740 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201117-vw5xpd5qvj/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Qakbot/Qbot
Unpacked files
SH256 hash:
b09800a47c1d63e0eed290aaa4ee33d5e426ee475b8574e6b73aac41b62a9d8f
MD5 hash:
8ecf16bcc46691cf4caf8a78329ad629
SHA1 hash:
b56f3aafc6a8215b188c56103e3d4b2575e7e85f
Link:
https://www.unpac.me/results/3c77689e-71c6-4156-ba73-97645ac5f4e7/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments