MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6f428373659b634d0f0a9f23c7afec8a4bab7ee2161582708e76539631bc708. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c6f428373659b634d0f0a9f23c7afec8a4bab7ee2161582708e76539631bc708
SHA3-384 hash: 487bd0760196b51deec25c3aecfa60db9dfb617214ee0549fd08be0139f73c51f030cb0afe428d38f8ded46d9baff003
SHA1 hash: 5e5b22e91b3cf829740c442171f7df9b4e611534
MD5 hash: e947c3ce50fd9e20202fa2eeedcbd157
humanhash: saturn-asparagus-leopard-alpha
File name:SecuriteInfo.com.Mal.Cerber-AL.8158.26014
Download: download sample
File size:559'616 bytes
First seen:2020-06-01 17:35:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0c00edee433fb0a6d5c74113b44e7912 (6 x Quakbot)
ssdeep 6144:OiGEtpvnii93Ku4n70GDV5RqXvN9Eg03fBHeg487ebxovl:OmnieKP4GdqXVL0f9
Threatray 418 similar samples on MalwareBazaar
TLSH 75C4E09662BDD762E3FB627488BE74E999317C4D3B22CC371650B79C18713A08B25B13
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Cerber-AL.8158.26014.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Qbot
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 18:35:30 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
013592351d28519fce674800c4e70e06ecf571ab0930c1d5bac03372010198ae
0e5372fd7ae262365e2be6438a14b3e2b5b72424580d53ae96ae347936df03c4
2118e27fafd62ffdc52bc5f485886eaccc4ef4d9c017952b6056b423dcec8a10
24f0117431531a4c2b31b595ca84bd1eb8741a80fe891da921b4ed65581ff91a
382ae412ae682c0c1241c2bbafec413b0f9bb5829a68ec199399dcb38e9cf05c
455a500ea93a92f98650b301e2198c019ea63821af4b70434cad46f05eae853f
458f1e9ff95b22691bc8373b9a0829853404f0abbd2151504c030ca028ec15f9
974dee1b8ccdad03fcbed6849802dd1d25d3d4c655749fd910733746a1b1f3c2
aec4a8545ebb046d6f354225d51130616b6617b4d71f90f1e206864fb90c982c
caf2d5a1f94824ae9f51e8ad1bcd06f57f1ca1c84e14a228593659de6347c9c9
+ 408 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
cryptone packer
Link:
https://tria.ge/reports/201109-ldvp8rsy3a/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments