MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0e7fbfa1a3abdc2bdeadb9042ceb49a49e7559b4c97d7b200584171bd228bef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0e7fbfa1a3abdc2bdeadb9042ceb49a49e7559b4c97d7b200584171bd228bef
SHA3-384 hash: 825ba8a397781fad6b9bb9ba11b90c0bd96de2669904807211ad5089814fe239b97d6c2d809d671c7382875d6af8f77e
SHA1 hash: 6843c129153dd3c82eb400962b805197cf038e73
MD5 hash: 9a567b4be29e20df94168d836f419d2e
humanhash: arkansas-sad-thirteen-moon
File name:9a567b4be29e20df94168d836f419d2e.exe
Download: download sample
Signature Quakbot
Create hunting rule
File size:689'152 bytes
First seen:2020-05-26 09:35:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e5bc74f731ea8626c5c455b44885e2a9 (11 x Quakbot)
ssdeep 6144:AXFqnMdDCDWua+FJ6t3KV05Qkq3yJJL6nvL+jZbjryp9ORALvdL:yCMwVaYQexaB0v2ZbHE0CbdL
Threatray 420 similar samples on MalwareBazaar
TLSH 22E4E01B262F8F6FFFD6723510ADF4B19516FF8D0727A8323A60B199B1A11974836B01
Reporter abuse_ch
Tags:exe Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.40569.15517.766.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:24:46 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
27 of 30 (90.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0c63faba52a07b325662821bd818f9a2f86e927ee9563c86ee832cb133d431b6
Quakbot
1b9837894612fe0677486e6d2511db13dd52889a5c325ab62895916c8d839e2e
Quakbot
30294b7042b6e94b7ac7d2f6641b89017ace586f42143b3b61e4286e2c6e7af8
Quakbot
6833103ea9ce11c1a8deece38363ed984b60d736c9bf23f64fbb9ff9b8e6a8dc
Quakbot
7ec71cc6ad5841a4db6a15705ba7a68fc2c888426d3a0b56ac96f1c87bbdcdd9
Quakbot
9227048434aa9c943cce1d581e833a8c514f4e912722df425526673319de7317
Quakbot
b2935d876e7a339dcc29fb22cacd5052472a531b5d56f4c718ef70db298d9ef2
Quakbot
bf628980bb2c7ea76200a6eafd944db79f9aea0ac0bceeb3baef1e589ffc275d
Quakbot
da97d22eb7016e9daa46962d9c6eb47d9227ad534a996531b793cd00f71b36a0
Quakbot
f9fb6ebe75834c2f22cef8ae63a568a7e1ac7c94b18fa8441ff5fe03e4e45db9
Quakbot
+ 410 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-d97b3wt62s/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_qakbot_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Executable exe b0e7fbfa1a3abdc2bdeadb9042ceb49a49e7559b4c97d7b200584171bd228bef

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367933/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/367929/

Comments