MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbf910885a2c45d24e1d706b5f89174cee4f59a80aa9f35bcb333b9db2c5cb0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cbf910885a2c45d24e1d706b5f89174cee4f59a80aa9f35bcb333b9db2c5cb0f
SHA3-384 hash: 1b5419c56ebcde12f05c67a649bb2eb7d4acb753f14c39f179c1360146710be8e9098f6c807c493adc84ea0fd5926166
SHA1 hash: 1cb707bd6f0b62722ed5032c33bd8a7c896c458b
MD5 hash: 2e6e56bc07cc7dede6088d07b98519eb
humanhash: football-sierra-hawaii-victor
File name:qbot.exe
Download: download sample
File size:687'104 bytes
First seen:2020-05-22 21:56:34 UTC
Last seen:2020-05-22 22:40:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 121ee380806b1b7dcc90f6f45430faa4
ssdeep 6144:ai8I6NWua+981ga1GmWtLDba7SfL+orPz5ETxX:B/4VaYaoe7STj
Threatray 1'202 similar samples on MalwareBazaar
TLSH 8AE4F057D8AF9FABFDC3727591AEF8724202DE9DC22BE4631911B068F0A51D30936B41
Reporter f0wlsec
Tags:Qakbot qbot


Avatar
f0wlsec
QBot Banking Trojan, Link to Dropper via Malspam -> VBS downloads payload

Intelligence

File Origin
# of uploads :
2
# of downloads :
438
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.40426.12068.26422.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 22:35:18 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2cfcbec026bb16339c4e07f1248afa994338320e78478d4ed75291d570f39509
2e866bc6bed961f6aecba1d1b1427a78911da9be507f6e7a31e9cf9332cad8a4
586dde5090c799890db387f0492dc66623e3d94b7419cda4d4806888939c8232
59f5ffbfc917f15266c594807117b13b1f35f6c8446c63b5c24de303728aed39
7704a800d825109caf7c28429b70573be54239162b66e7d008ea031c7b435672
8acb7ddbdb58ff54803c9db7110354b32009258f7dc083fcb6cbcaf9be192d0f
b6942601eb28b9a6c168f162eab73bbe9c61d77a2228da5805fd54946ec4ab81
dc6398e3245b49edaa707271cee7eb7b5ad0d1baf45dc82746e7b8dac1e4f5d7
de0070a647ec8c488b2b8be762a377f5130521eb23083b96d4cb6ea94fa11992
e6d8057f43deffb85f0481b3eb9a870054abcd35bce651770bd0b6b8f2b912ef
+ 1'192 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2ge43e66qj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cbf910885a2c45d24e1d706b5f89174cee4f59a80aa9f35bcb333b9db2c5cb0f

(this sample)

  
X
https://twitter.com/f0wlsec/status/1263882088983429123
  
Delivery method
Distributed via web download

Comments