MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfcb70cbc9e7c69b2678a48d5a41f7f9eb541ce548be98dc6d6318a3f5a451a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 7



SHA256 hash: bfcb70cbc9e7c69b2678a48d5a41f7f9eb541ce548be98dc6d6318a3f5a451a5
SHA3-384 hash: 9acdea71a873d2c408603c13e7f82d3bec6fb6fb0f06a51c2c197a8dea182b820b2ce9932a918d16ee55ba13ce133def
SHA1 hash: 269f2d1c4c551df7522928a4d4370c8c745f9542
MD5 hash: 6f32016b55ca8504e118c8c5274f9ea4
humanhash: romeo-illinois-white-bacon
File name: 4e31386ef26e263014d5ff254d07ace5
Signature: QuakBot
File size: 1'094'120 bytes
First seen: 2020-11-17 12:40:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ba5c263c6125faae2c597950f7826711 (27 x Quakbot)
ssdeep: 12288:vqflDFoKwr60NNHCW8k45hox9l7pUHSX6EQ2Xbh3:v02m0NNHCWZmO7aHYNbJ
Threatray: 1'741 similar samples on MalwareBazaar
TLSH: 4435011BE1E35BCBE483817C59E290BA9532EF8DDB5BD47B2A18F0D871B23C5851E604
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Threat name: Win32.Trojan.PinkSbot
Status: Malicious
First seen: 2020-11-17 12:44:46 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash:
bfcb70cbc9e7c69b2678a48d5a41f7f9eb541ce548be98dc6d6318a3f5a451a5
MD5 hash:
6f32016b55ca8504e118c8c5274f9ea4
SHA1 hash:
269f2d1c4c551df7522928a4d4370c8c745f9542
SHA256 hash:
999d2cd63e970157f80cf648e1f2c2c5ed66b0ae37835dbe03b41e970196b080
MD5 hash:
ad84b842265fc58e2167963c0d564013
SHA1 hash:
803d56ffa7384c87fd89837a49a91b436c7379f4
Detections:
win_qakbot_auto
SHA256 hash:
5d9b592d42b12623d4d200ed079ae4bbe781db6917f68eee115720dc4633c123
MD5 hash:
93b3ef3c698e2e499ab0419d86b158eb
SHA1 hash:
85427e11cde3b0a97fec61535901bf9a61270d02
Detections:
win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other