MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b969ea5cd3135f19f58c1358509301373fa318f7d14248dfa4cdc6592e2aab88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuakBot

Vendor detections: 7

SHA256 hash: b969ea5cd3135f19f58c1358509301373fa318f7d14248dfa4cdc6592e2aab88
SHA3-384 hash: 3654184771402bff98e55a0baef74fc0d2bba49e275e0324f94d0632d2df95b5374128b920fcfa92b4aba7a7e78963b2
SHA1 hash: 316ce1e604d3bd1571fc60598718b3f6cf8d5c0a
MD5 hash: c385df6dad6414c5834268634718ec62
humanhash: timing-sink-lemon-speaker
File name: b969ea5cd3135f19f58c1358509301373fa318f7d14248dfa4cdc6592e2aab88
Signature: QuakBot
File size: 256'016 bytes
First seen: 2020-11-05 22:15:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 6144:aawCRk4Z0NhbhkX2RaiHwRBPvWkWqV1L38ucnc2:mGk4ZkhOGDQRBP+kWqXouac2
TLSH: F244D04253DC4045F87796BB8C7282201152BCA5572E9FDD0EC5B3AD4F39E62AFD0B2A
Reporter: seifreed
Tags: Quakbot

Intelligence

File Origin
# of uploads: 1
# of downloads: 46
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-10-30 10:21:58 UTC
AV detection: 27 of 28 (96.43%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour:
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: b969ea5cd3135f19f58c1358509301373fa318f7d14248dfa4cdc6592e2aab88
MD5 hash: c385df6dad6414c5834268634718ec62
SHA1 hash: 316ce1e604d3bd1571fc60598718b3f6cf8d5c0a

SHA256 hash: bce9ff101855c4529d4f5da3c792aad8ae1ea4913e75aa4f40082310f40a23e7
MD5 hash: e0a5bb319caf6a52ece307643f031b5c
SHA1 hash: 295fe253a379ede5e8fd89920f8a6abeaf2912ca
Detections: win_qakbot_g0 win_qakbot_auto

SHA256 hash: 408c6261d3fe607be9533196651bfc481fd9cdf6ca53e67ab555a1cd584b5fd2
MD5 hash: 64bdd45abf6db36b5ab2aaf210fc2de5
SHA1 hash: e2c56be94728a17db37fe6d1699d2d53e3720e6a
Detections: win_qakbot_auto
Parent samples:
Note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments