MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb2cc0cff5a632b708f8c1643d7599d6866024dec5206a1b88069ffc119f8c32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuakBot

Vendor detections: 8

SHA256 hash: bb2cc0cff5a632b708f8c1643d7599d6866024dec5206a1b88069ffc119f8c32
SHA3-384 hash: 793e5eebc292567d99934729b3213ed69dc8db37a9070d9757ca61144e4976670bca66a78450d9dc01e47de8cc2d3024
SHA1 hash: 42206b1d48aede12190e437961240a3a6b96e667
MD5 hash: c1904a67e5e4fa8d0a17435a87c14367
humanhash: foxtrot-gee-mexico-texas
File name: bb2cc0cff5a632b708f8c1643d7599d6866024dec5206a1b88069ffc119f8c32
Signature: QuakBot
File size: 256'016 bytes
First seen: 2020-11-10 11:04:52 UTC
Last seen: 2024-07-24 20:51:21 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 6144:ankh/mOzwhLo4Y6e5ixGlB6EIde1MDlHnMo+rUX:J/PwhLo6+hljMxHZEE
Threatray: 959 similar samples on MalwareBazaar
TLSH: F044CFE113E84150F0BA76FF587D83604A22FCA7992E6ADD578073AD5B35831BB21F21
Reporter: seifreed
Tags: Quakbot

Intelligence

File Origin
# of uploads: 2
# of downloads: 57
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-10 11:06:46 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files

SHA256 hash: bb2cc0cff5a632b708f8c1643d7599d6866024dec5206a1b88069ffc119f8c32
MD5 hash: c1904a67e5e4fa8d0a17435a87c14367
SHA1 hash: 42206b1d48aede12190e437961240a3a6b96e667

SHA256 hash: af5d9a28dcb69fa760beb449f9beffd6bf27b62c397ca90572499e348b624d59
MD5 hash: 7c0ae55698f67a62cd2baff97c170f88
SHA1 hash: 86263aa23cd470246abe35c5d7ac9cba36cf0f58
Detections: win_qakbot_g0 win_qakbot_auto

SHA256 hash: 408c6261d3fe607be9533196651bfc481fd9cdf6ca53e67ab555a1cd584b5fd2
MD5 hash: 64bdd45abf6db36b5ab2aaf210fc2de5
SHA1 hash: e2c56be94728a17db37fe6d1699d2d53e3720e6a
Detections: win_qakbot_auto

Parent samples:

Note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other