MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbf910885a2c45d24e1d706b5f89174cee4f59a80aa9f35bcb333b9db2c5cb0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 3 File information Yara Comments

SHA256 hash: cbf910885a2c45d24e1d706b5f89174cee4f59a80aa9f35bcb333b9db2c5cb0f
SHA3-384 hash: 1b5419c56ebcde12f05c67a649bb2eb7d4acb753f14c39f179c1360146710be8e9098f6c807c493adc84ea0fd5926166
SHA1 hash: 1cb707bd6f0b62722ed5032c33bd8a7c896c458b
MD5 hash: 2e6e56bc07cc7dede6088d07b98519eb
humanhash: football-sierra-hawaii-victor
File name:qbot.exe
Download: download sample
Signature n/a
File size:687'104 bytes
First seen:2020-05-22 21:56:34 UTC
Last seen:2020-05-22 22:40:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 121ee380806b1b7dcc90f6f45430faa4
ssdeep 6144:ai8I6NWua+981ga1GmWtLDba7SfL+orPz5ETxX:B/4VaYaoe7STj
TLSH 8AE4F057D8AF9FABFDC3727591AEF8724202DE9DC22BE4631911B068F0A51D30936B41
Reporter @f0wlsec
Tags:Qakbot qbot trojan


Twitter
@f0wlsec
QBot Banking Trojan, Link to Dropper via Malspam -> VBS downloads payload

Intelligence


File Origin
# of uploads :
2
# of downloads :
200
Origin country :
DE DE
Mail intelligence
No data
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2020-05-22 22:35:18 UTC
AV detection:
27 of 31 (87.10%)
Threat level
  5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cbf910885a2c45d24e1d706b5f89174cee4f59a80aa9f35bcb333b9db2c5cb0f

(this sample)

  
Delivery method
Distributed via web download

Comments