MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b38e8bdea0d0e04a13e3102438f8a68aba9490a4ab633ef93a44c936cbad8e72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
QuakBot
Vendor detections: 6
| SHA256 hash: | b38e8bdea0d0e04a13e3102438f8a68aba9490a4ab633ef93a44c936cbad8e72 |
|---|---|
| SHA3-384 hash: | 482f20b12edd0d252c722c58d306a21c21ddb1e77a4ab13382b6501852000adc79f8eb6d46e10ef523b356bf493d42ec |
| SHA1 hash: | 0533bd4293a5161f674bff9f37627cb0ee07d285 |
| MD5 hash: | 659151fcbf96ac0cfbb6d42203104dd0 |
| humanhash: | potato-cola-beryllium-bulldog |
| File name: | dfdda043ccefc623ec70f316e66c8e4e |
| Download: | download sample |
| Signature | QuakBot |
| File size: | 1'226'240 bytes |
| First seen: | 2020-11-17 15:01:17 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 65b7e4d2b8f7b3cf1dfc4bed557e0068 (13 x Quakbot) |
| ssdeep | 6144:H1vIxMWY76DEoS5rYU/LPlbuo2YILNkFVZ5VfUllOp2n2FxHot1WL+Lwb5tJR7:DH6AoS5EU/Lp56kBgXOInmNouL+Lwb55 |
| TLSH | 2E45D10DB737C040D3A62FF605920B98E66FA8A93B2091075BCA770D3DF93E57867589 |
| Reporter |  seifreed |
| Tags: | Quakbot |
Intelligence
File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Enabling autorun by creating a file
Threat name:
Win32.Backdoor.Quakbot
Status:
Malicious
First seen:
2020-11-17 15:14:44 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
qakbot
Score:
10/10
Tags:
family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
b38e8bdea0d0e04a13e3102438f8a68aba9490a4ab633ef93a44c936cbad8e72
MD5 hash:
659151fcbf96ac0cfbb6d42203104dd0
SHA1 hash:
0533bd4293a5161f674bff9f37627cb0ee07d285
SH256 hash:
5cbd3e7016d9bc402f7d8112ed442b4137f50c46f2acdede258c13f448ac656f
MD5 hash:
9573bb535a0efa2a65cd65fbeec23229
SHA1 hash:
a383dbc56bf82518aeb5dfb94c3022f5c2ee41e6
Detections:
win_qakbot_auto
Parent samples :
8f34f7308bcf431f2e8cb0b609decc1d59a01283a2e63c423337a8df158352fe
31f3cd8583668c63677e4c201f4648df7d57c0f80159c339e00751a75cf32aad
648433c9260784d21960fad81af3736fb033cfa0e7fb0f55c0404a9ffeb16b9e
7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161
dfae1e916e03a97ddcd5a110077f2f7da196ed7999e1172194681f096bdd2bcf
246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2
b38e8bdea0d0e04a13e3102438f8a68aba9490a4ab633ef93a44c936cbad8e72
31f3cd8583668c63677e4c201f4648df7d57c0f80159c339e00751a75cf32aad
648433c9260784d21960fad81af3736fb033cfa0e7fb0f55c0404a9ffeb16b9e
7d0af64e30e99a17f6e1dd6a65de3b1d1de52a494a4a9ff0c480f41e85320161
dfae1e916e03a97ddcd5a110077f2f7da196ed7999e1172194681f096bdd2bcf
246a1e2b03061fe58576567a470a0a8400502d384e558565c9124070ff71f1a2
b38e8bdea0d0e04a13e3102438f8a68aba9490a4ab633ef93a44c936cbad8e72
SH256 hash:
babd90d1affa91d664222bf7e4444841b42622bfce47a0417d0d19856b27e17a
MD5 hash:
7df64cdef15bdc411a1fca0242d4dd46
SHA1 hash:
94dad6a0a0fec461ceba147facfc385850c99eb4
Detections:
win_qakbot_g0
win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.