MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc43d74e48156dcfd9991b8f5470d3f9e575a4937f368a0d856e30bfa81a74fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc43d74e48156dcfd9991b8f5470d3f9e575a4937f368a0d856e30bfa81a74fa
SHA3-384 hash: 70cc4bbbdb17f85931c9f71ca2f3ce2abc08f581adb06ea111e97d55c7daa3285ed65cb27f43c613e095cf291656e300
SHA1 hash: ef0fe95952917683f11f0db42c1f65c4c100146b
MD5 hash: c27ad8c0245465fead79e33bf0b1f2d7
humanhash: network-ten-jersey-hamper
File name:SecuriteInfo.com.Trojan.GenericKDZ.69361.30232.16703
Download: download sample
File size:630'264 bytes
First seen:2020-08-10 23:32:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 89490247009131c913fe431d098a14f4 (3 x Quakbot)
ssdeep 12288:5M/rZ0d53n/W7K4PJDYUYemYrkIRRSgm/CQlzsOaIWaPa2888888888888W8888z:medNn/6hQDrIRjm/CQJsOahr3r
Threatray 24 similar samples on MalwareBazaar
TLSH C6D4D003B3D74439F5B24A3884FA49B15D323DF927E0DA5A3DB4F54E29B02925972B23
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.69361.30232.16703.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/417629
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bc43d74e48156dcfd9991b8f5470d3f9e575a4937f368a0d856e30bfa81a74fa/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-08-10 23:34:07 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3a971cb00b359b0a9a86157d6e19e2710e7f42098eb4fdd3f8d46f5333cdbf45
4856aa92825a6c51304e39d51d5ea92c35e290936589039548612e8f927ce974
4a70117a242a51045a243f7807d17724f5eac5f678e0ed477f4fd755261b37f7
531b5d8939216cbba9c4c8b9aee9d550dea1dd317d9fe9a3c9d7eb9ada13d090
599a44d4f1cffbce5b02f8b0f2705363cf3b8fbecbd14ac1a2d7c891894d909f
7bf0912cd1d107e491c474767c3bd83b39d08e55fafa810d076a5da898ea822a
983e210faada072a0ae9b176d62294be695fd805c0096083bd2053e05d0ad7dc
99f851b8bb921318568a9c87ef39bc353c0e3c9af67a8f5078e957f4bb046491
b1139bd83cc58fed71d413dac9a20c56b059cee03170a5463567f6f1155b0336
f1748543fd3d8ad75889012685d7ca632f257723dc5454ebfadd32c1cf2f1ac6
+ 14 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200810-x5zpacwwwj/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.81
Link:
https://yomi.yoroi.company/submissions/bc43d74e48156dcfd9991b8f5470d3f9e575a4937f368a0d856e30bfa81a74fa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/43019/

Comments