MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b65e59778275f64ad2d4ba86a309a5224ccb9179cd7a307c66efb3fc6432c53d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 7



SHA256 hash: b65e59778275f64ad2d4ba86a309a5224ccb9179cd7a307c66efb3fc6432c53d
SHA3-384 hash: 31fa807021234f4105ea250eb0070c63dc2e8dee9ae1825093cd0e3859e97ab2f148e0953471965caf8b56c817c67ae3
SHA1 hash: 3cbae212b54f9590bae837dda66db27c780c20f5
MD5 hash: 94731ddf7df6c50c91a2129b9587d414
humanhash: mississippi-blossom-mountain-item
File name: 5d48ea743ece4c331f5c637cda1c2028
Signature: QuakBot
File size: 1'084'416 bytes
First seen: 2020-11-17 12:14:50 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep: 6144:lzXjFPHRQwWIARD83d9kFICdy2MsmNbDhzZ31EybEgfdfktjKk3GInR+HlZzmf6s:ltfqwWhOHxn2MI2uK+fUhulLhJ9FCe
Threatray: 1'711 similar samples on MalwareBazaar
TLSH: C63512D7F9BC8471CAED297F8993123C968A85E85D05D10B0778A5ADBDF3200FE9244B
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-17 12:18:16 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: b65e59778275f64ad2d4ba86a309a5224ccb9179cd7a307c66efb3fc6432c53d
MD5 hash: 94731ddf7df6c50c91a2129b9587d414
SHA1 hash: 3cbae212b54f9590bae837dda66db27c780c20f5

SHA256 hash: 1d5828f3dda7e7d9dab4e2b8b5b60fcf53aaf7fb7788f54f5c74a7b55e859530
MD5 hash: 7952df6b9e368ba5cba69caeeadc41b3
SHA1 hash: f6fd292612f9907bf4f78df88fddba7908026862
Detections: win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments