MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1
SHA3-384 hash: 13fd887a59bbb987aedf28eea0b836698e87a7cc84b573f687718f853cc0a643a3cb86256377d18de736bf7112dc2cc0
SHA1 hash: 7db1424d0ae118bd331af996b6988d5e34eb7a74
MD5 hash: e27a7ae99a3360ccae86ca7a2616af2b
humanhash: crazy-pizza-victor-comet
File name:b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'090'544 bytes
First seen:2020-11-13 15:39:32 UTC
Last seen:2024-07-24 20:38:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:6ZtrRjaFXWAIgRD83dFkFICdy2ws7NbDm6Z31EyBEgfYnMtjKkqGInR+HlZzm56s:6ZbWWAhOzxn2wdR2Kz5UhulLhJ9FCe
Threatray 1'313 similar samples on MalwareBazaar
TLSH FA3522D3F9BC8471CAED2C7B8993123C9A9985E85D05D10B0778A5ADADF3300FE9644B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-13 15:43:24 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wzccazmgw2vabubduzo2g42qhasoncqdfcinjsuz7bjsev6qpxaq._file
Verdict:
malicious
Similar samples:
02b6b1f134e188ec672b2fa5a4c7013b77aaf4474fd0f99d31162625a45a5289
QuakBot
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
QuakBot
18a52a088f46ae8a4dbfc27760bdb3e22dda61ed353c8b8ff3dc16aaa1df4c43
QuakBot
36f09e30f8b3f4efe845d4e344e847219c9c62a7fa9a61c2d8d70969d19726ec
QuakBot
8d6d8351848925338ce65b442b5bc69872ee467c67e77692645549587eca04d7
QuakBot
9d37a0bbc963f04580d4bf12d15c0938f97a7bd299597c8852b818f519f2bac5
QuakBot
a401e9208a31cca327a31ee872a258b358dbd276304625e461d46f5c656d5723
QuakBot
a5ca536851022178f40b4690db0c5563020c8b6fcaa22f6c3abd876b72dbccfe
QuakBot
acb1a2562d23cd06da04a144712d3a0fbe7a7c37cd7532a2f0986803e44554ce
QuakBot
d25368643d599cbdf56c6eb579505b3f21e4b00c8f1c8243cb18040c66751a3b
QuakBot
+ 1'303 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201113-taw8kebf16/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1
MD5 hash:
e27a7ae99a3360ccae86ca7a2616af2b
SHA1 hash:
7db1424d0ae118bd331af996b6988d5e34eb7a74
Link:
https://www.unpac.me/results/3dd9c13f-1af3-47cb-a61c-bc7fc8397547/
SH256 hash:
52967f6ba913e7e9d7e4d2fdfa5cae1b60c6eb7043c919f1cb37b44e9470a851
MD5 hash:
10f0b4055e20a263a0b027a3e681c810
SHA1 hash:
110a5bd1db6b78ee9c5ca0c2a74c6d8ee3da6c88
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/3dd9c13f-1af3-47cb-a61c-bc7fc8397547/
Parent samples :
acb1a2562d23cd06da04a144712d3a0fbe7a7c37cd7532a2f0986803e44554ce
b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1
056d2928fb23fd229cddb9b79ac084e58e3340c4c8e4a403ceb81d149749892b
063e0c71b3ede4a7d8a8cd1d1e35432b2e3ce0bf1dfd58c266e93ea91b8895fa
5b2a3d67ecebd9a22fc7452f012273a7e5ed5b6331096505aa44f1ac8696c35f
SH256 hash:
eedb107c6d2ae5e382c207ae7ef468c567ec9afa51f667315e82b6645d8289ce
MD5 hash:
3a924e11ca5cfd80cc4ca756f6b25c3a
SHA1 hash:
effd1a9cd69c1ad2094726cc98060818b7017f5d
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/3dd9c13f-1af3-47cb-a61c-bc7fc8397547/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
qbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b644206586b6aa00d023a65da373503824e68a032890d4ca99f8532257d07dc1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments