MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 c74fa7da0b06327e3b33991bf1f04137b12d32121a61bb741290ca280d0ff30a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 8
| SHA256 hash: | c74fa7da0b06327e3b33991bf1f04137b12d32121a61bb741290ca280d0ff30a |
|---|---|
| SHA3-384 hash: | 23d5c4b2c67623666a242a041c11e177b6068dfb892efb132ff96b4d9c1a55a7628f5a3baa60a31ffaa4cf84b5689fe4 |
| SHA1 hash: | 4febff716f6eb0793622f24a8e17954b77826e8c |
| MD5 hash: | 057b1e794d6a558d7ef006c0892b3725 |
| humanhash: | purple-yellow-arizona-nine |
| File name: | SecuriteInfo.com.BackDoor.Qbot.561.19875.15886 |
| Download: | download sample |
| Signature | Quakbot |
| File size: | 2'134'480 bytes |
| First seen: | 2020-12-10 02:07:48 UTC |
| Last seen: | Never |
| File type: |  dll |
| MIME type: | application/x-dosexec |
| imphash | 9f218d386c5c8cb163315c801b4de4d7 (8 x Quakbot) |
| ssdeep | 3072:srUbfrh/TP/lpDbIqUKQ0yzMrPye1TMhj4fujyaVzmP38JbU:RbFLP/bXHUFzAae1bujL9w8J4 |
| Threatray | 1'395 similar samples on MalwareBazaar |
| TLSH | CCA5B12E3C6BB77A6E5281746852A67CC7197F88F97B00A817C7674845E7CE23E1E0C4 |
| Reporter |  SecuriteInfoCom |
| Tags: | Quakbot |
Intelligence
File Origin
# of uploads :
1
# of downloads :
132
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Sending a UDP request
Creating a file in the Windows subdirectories
Launching a process
Modifying an executable file
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Qbot
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Signature
Injects code into the Windows Explorer (explorer.exe)
Maps a DLL or memory area into another process
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Qbot
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.PinkSbot
Status:
Malicious
First seen:
2020-12-10 02:08:07 UTC
AV detection:
14 of 46 (30.43%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
+ 1'385 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Score:
10/10
Tags:
family:qakbot botnet:abc110 campaign:1607524278 banker stealer trojan
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Program crash
Loads dropped DLL
Qakbot/Qbot
Malware Config
C2 Extraction:
78.63.226.32:443
72.252.201.69:443
68.190.152.98:443
72.240.200.181:2222
216.137.142.200:2222
87.27.110.90:2222
94.69.242.254:2222
189.183.209.211:443
94.26.119.221:443
186.189.208.238:443
161.199.180.159:443
197.45.110.165:995
83.110.221.218:443
105.198.236.99:443
83.110.158.22:2222
24.37.178.158:443
185.105.131.233:443
79.101.206.250:995
92.154.83.96:2078
83.202.68.220:2222
217.39.74.146:2222
78.97.110.47:443
202.184.106.235:443
85.122.141.42:995
5.15.54.40:443
98.16.204.189:995
193.248.154.174:2222
67.82.244.199:2222
98.240.24.57:443
78.96.199.79:443
67.6.54.180:443
92.59.35.196:2083
109.205.204.229:2222
149.28.101.90:2222
2.89.122.180:995
71.182.142.63:443
108.160.123.244:443
37.106.117.51:443
80.14.22.234:2222
2.7.202.106:2222
46.124.106.217:6881
96.19.117.140:443
80.227.5.70:443
47.44.217.98:443
197.210.96.222:995
216.215.77.18:2222
77.27.174.49:995
78.189.29.95:443
72.66.116.178:995
108.190.151.108:2222
2.89.122.180:993
108.30.125.94:443
41.176.34.7:995
65.48.179.252:443
190.67.214.66:443
78.187.125.116:2222
174.76.21.134:443
47.22.148.6:995
24.229.150.54:995
91.104.235.91:995
81.97.154.100:443
155.186.9.160:443
197.51.82.115:995
197.161.154.132:443
86.121.3.80:443
85.132.36.111:2222
197.86.204.201:443
74.124.191.6:443
184.21.136.237:995
93.148.241.179:2222
92.154.83.96:1194
93.113.177.152:443
160.3.184.253:443
2.49.219.254:22
80.195.103.146:2222
151.75.23.92:443
217.128.117.218:2222
174.62.13.151:443
78.97.207.104:443
186.29.96.147:443
74.137.189.78:443
95.77.223.148:443
83.110.151.105:443
5.12.254.113:443
174.55.197.4:443
5.193.177.247:2078
78.181.19.134:443
95.76.27.6:443
219.74.176.225:443
85.105.29.218:443
120.150.218.241:443
2.50.47.61:2078
149.28.101.90:8443
78.162.70.119:443
50.244.112.10:995
125.63.101.62:443
103.102.100.78:2222
86.121.194.157:443
156.213.147.56:443
41.39.134.183:443
47.22.148.6:443
74.128.121.17:443
79.129.252.62:2222
77.132.113.187:2222
78.101.158.1:61201
24.201.61.153:2078
2.50.2.216:443
216.201.162.158:443
94.59.236.155:995
208.93.202.41:443
62.38.114.12:2222
172.87.157.235:3389
151.61.107.248:2222
50.244.112.90:443
87.218.53.206:2222
75.136.40.155:443
81.133.234.36:2222
197.135.87.55:443
96.225.88.23:443
41.239.137.134:993
176.181.247.197:443
102.185.13.89:443
83.196.50.197:2222
212.70.107.59:995
79.166.96.86:2222
81.214.126.173:2222
185.163.221.77:2222
2.51.240.250:995
59.89.129.103:443
83.114.243.80:2222
37.116.152.122:2078
80.106.85.24:2222
2.50.56.81:443
47.21.192.182:2222
74.195.52.3:443
184.98.97.227:995
81.150.181.168:2222
217.165.3.30:443
77.211.30.202:995
93.146.133.102:2222
35.134.202.234:443
96.21.251.127:2222
102.187.19.171:443
92.154.83.96:2087
37.211.93.46:443
84.117.176.32:443
58.179.21.147:995
98.124.76.187:443
24.139.72.117:443
2.50.159.196:2222
72.252.201.69:443
68.190.152.98:443
72.240.200.181:2222
216.137.142.200:2222
87.27.110.90:2222
94.69.242.254:2222
189.183.209.211:443
94.26.119.221:443
186.189.208.238:443
161.199.180.159:443
197.45.110.165:995
83.110.221.218:443
105.198.236.99:443
83.110.158.22:2222
24.37.178.158:443
185.105.131.233:443
79.101.206.250:995
92.154.83.96:2078
83.202.68.220:2222
217.39.74.146:2222
78.97.110.47:443
202.184.106.235:443
85.122.141.42:995
5.15.54.40:443
98.16.204.189:995
193.248.154.174:2222
67.82.244.199:2222
98.240.24.57:443
78.96.199.79:443
67.6.54.180:443
92.59.35.196:2083
109.205.204.229:2222
149.28.101.90:2222
2.89.122.180:995
71.182.142.63:443
108.160.123.244:443
37.106.117.51:443
80.14.22.234:2222
2.7.202.106:2222
46.124.106.217:6881
96.19.117.140:443
80.227.5.70:443
47.44.217.98:443
197.210.96.222:995
216.215.77.18:2222
77.27.174.49:995
78.189.29.95:443
72.66.116.178:995
108.190.151.108:2222
2.89.122.180:993
108.30.125.94:443
41.176.34.7:995
65.48.179.252:443
190.67.214.66:443
78.187.125.116:2222
174.76.21.134:443
47.22.148.6:995
24.229.150.54:995
91.104.235.91:995
81.97.154.100:443
155.186.9.160:443
197.51.82.115:995
197.161.154.132:443
86.121.3.80:443
85.132.36.111:2222
197.86.204.201:443
74.124.191.6:443
184.21.136.237:995
93.148.241.179:2222
92.154.83.96:1194
93.113.177.152:443
160.3.184.253:443
2.49.219.254:22
80.195.103.146:2222
151.75.23.92:443
217.128.117.218:2222
174.62.13.151:443
78.97.207.104:443
186.29.96.147:443
74.137.189.78:443
95.77.223.148:443
83.110.151.105:443
5.12.254.113:443
174.55.197.4:443
5.193.177.247:2078
78.181.19.134:443
95.76.27.6:443
219.74.176.225:443
85.105.29.218:443
120.150.218.241:443
2.50.47.61:2078
149.28.101.90:8443
78.162.70.119:443
50.244.112.10:995
125.63.101.62:443
103.102.100.78:2222
86.121.194.157:443
156.213.147.56:443
41.39.134.183:443
47.22.148.6:443
74.128.121.17:443
79.129.252.62:2222
77.132.113.187:2222
78.101.158.1:61201
24.201.61.153:2078
2.50.2.216:443
216.201.162.158:443
94.59.236.155:995
208.93.202.41:443
62.38.114.12:2222
172.87.157.235:3389
151.61.107.248:2222
50.244.112.90:443
87.218.53.206:2222
75.136.40.155:443
81.133.234.36:2222
197.135.87.55:443
96.225.88.23:443
41.239.137.134:993
176.181.247.197:443
102.185.13.89:443
83.196.50.197:2222
212.70.107.59:995
79.166.96.86:2222
81.214.126.173:2222
185.163.221.77:2222
2.51.240.250:995
59.89.129.103:443
83.114.243.80:2222
37.116.152.122:2078
80.106.85.24:2222
2.50.56.81:443
47.21.192.182:2222
74.195.52.3:443
184.98.97.227:995
81.150.181.168:2222
217.165.3.30:443
77.211.30.202:995
93.146.133.102:2222
35.134.202.234:443
96.21.251.127:2222
102.187.19.171:443
92.154.83.96:2087
37.211.93.46:443
84.117.176.32:443
58.179.21.147:995
98.124.76.187:443
24.139.72.117:443
2.50.159.196:2222
Unpacked files
SH256 hash:
c74fa7da0b06327e3b33991bf1f04137b12d32121a61bb741290ca280d0ff30a
MD5 hash:
057b1e794d6a558d7ef006c0892b3725
SHA1 hash:
4febff716f6eb0793622f24a8e17954b77826e8c
SH256 hash:
857279bb63db1d153e82a45f844ec6f3cd7801715f8d148972cec89f9098f427
MD5 hash:
8fa2270494c84a2304b388a4ee1845b5
SHA1 hash:
65e123d9d3b7928a1af389b3ff0e540d7a1f183a
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.