MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bec5a928b9c8302b548e7dc833fb81e0a257144872551644b0a140a54a98cfb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bec5a928b9c8302b548e7dc833fb81e0a257144872551644b0a140a54a98cfb5
SHA3-384 hash: 4d0c3ba4bda17946ab9cab18c5d8efd2204e71b8a109a427b61e312c8a8eaaa7f919f579de9a7e08738bc0e91643bf50
SHA1 hash: d77309cb8bcb45ac6cf1c84f16154e0a7179432c
MD5 hash: 78e63590a167ede50f6cd4dee0462ae3
humanhash: mockingbird-single-tennis-helium
File name:SecuriteInfo.com.BScope.Trojan.Cobalt.2128
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'097'168 bytes
First seen:2020-11-12 22:45:46 UTC
Last seen:2024-07-24 21:02:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e6b26600fceb7aaa60a5492a3d8d235d (1 x QuakBot)
ssdeep 12288:O1qflDDoYel20NNHCizXv+Omjt7Wq7X6EQ2XbhP5:O100k0NNHCgCt7RNbh5
Threatray 1'250 similar samples on MalwareBazaar
TLSH AD350117F2E34E9BD853447D69E285B98032EFEDD32BA4332D48F5DA31E62C4812E605
Reporter SecuriteInfoCom
Tags:Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.BScope.Trojan.Cobalt.2128.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bec5a928b9c8302b548e7dc833fb81e0a257144872551644b0a140a54a98cfb5/
Threat name:
Win32.Trojan.PinkSbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-13 00:27:00 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x3c2skfzzaycwveopxedh64b4crfofciojkrmrfqufakksuyz62q._file
Verdict:
malicious
Similar samples:
12a59869c0e78eed60e76adc9c592ba8b9f3d2835f19d4c46e7a458739d6aedf
QuakBot
4e21f2eefe25c07034fe9a8dc009cf05b33fd4d94979200921cf61f6efd15654
QuakBot
5401646f0c0e59d051a7af22287139db248b5b95087c228a9e7380fcd6cedb75
QuakBot
6a25eecf4c09687ee9eb25089d656e75b86b83464b681f08d14d7cd9fa468a6d
QuakBot
a1093cae5947b010c760dc1e04d9ac932b45dfe46f67b38b8f5b37c807084261
QuakBot
a496166b093b8b09a59f952e7a9a2196aa7754dd3485b4412ec0334cd59714a3
QuakBot
b67267d494ea23d58a61c127eb8e32b274878c3dcfa6586e344604397f7a457b
QuakBot
cdd0849cc7c21652c39ffdbdc039bc211b2044003c97c6bd964fca15012bd4d5
QuakBot
d5f719a5fb651053def370762beb99e78cf222f02d57ddb185b574dfe91627dc
QuakBot
d63cdb3488f01ba3934ca197871561781f9c657bff81dc3192683d7a6c6e06d3
QuakBot
+ 1'240 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201112-vdm9qtv2bn/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
bec5a928b9c8302b548e7dc833fb81e0a257144872551644b0a140a54a98cfb5
MD5 hash:
78e63590a167ede50f6cd4dee0462ae3
SHA1 hash:
d77309cb8bcb45ac6cf1c84f16154e0a7179432c
Link:
https://www.unpac.me/results/ae4d1239-97e7-4e23-b0c1-57cf77ad8ae2/
SH256 hash:
3e49de3ea717441f4cec474f6dab9f540e5d4495c53ad0dc494d5ccf01d9577a
MD5 hash:
7c9ec0935dd39f169f2a5ef2a8e2af76
SHA1 hash:
ad6e84696fa30fdfb4d2cf67b1410e3a0a89b043
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/ae4d1239-97e7-4e23-b0c1-57cf77ad8ae2/
SH256 hash:
4692f0a62f714d0acb7a58b0f52e96844d75e93980e87a3c959eb6773d734e0d
MD5 hash:
34b6b8e9f422bd64ddac18fb466cbdfa
SHA1 hash:
fb0f92fcab48eb274191d734fc557158c0ebc8df
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/ae4d1239-97e7-4e23-b0c1-57cf77ad8ae2/
Parent samples :
bec5a928b9c8302b548e7dc833fb81e0a257144872551644b0a140a54a98cfb5
4d71f075bea3a0676161c066ad62175bdf28655c7ef685192859b278e93c6a06
7bee1221cbd108696ffa02049448bf4a39894b742f6cba59bd67bc83863617b3
dc062275af294c93bf891da3aa1445bb52433632e83c97d152d05f0aa3466650
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/104764/

Comments