MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d25368643d599cbdf56c6eb579505b3f21e4b00c8f1c8243cb18040c66751a3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d25368643d599cbdf56c6eb579505b3f21e4b00c8f1c8243cb18040c66751a3b
SHA3-384 hash: a9aabea7f095b034ded3446eae269e81d88c90d5ad705efebbe357cb1c30929cceb2395671d8c5bc7013f0bb89ef1bb6
SHA1 hash: 142374b68a2ee5f5a481f348a13acd2d707e44c7
MD5 hash: 0c4bd0bd6743f9ea0d716f86739fe3eb
humanhash: six-avocado-comet-utah
File name:d25368643d599cbdf56c6eb579505b3f21e4b00c8f1c8243cb18040c66751a3b
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'090'544 bytes
First seen:2020-11-13 15:10:18 UTC
Last seen:2024-07-24 21:43:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:cR8jv/KDUJBIgRD83dvkFICdy2MsVNbDOqZ31Ey7EgfllItjKkAGInR+HlZzmF6s:cRZQJBhO1xn2MzEaKRFUhulLhJ9FCe
Threatray 1'259 similar samples on MalwareBazaar
TLSH 433522D3F9BC8470CAEA2D7B8993123C9A9585E85D05D10B0778A5ADBDF3300FE9244B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
54
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Deleting a recently created file
Creating a window
Forced shutdown of a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d25368643d599cbdf56c6eb579505b3f21e4b00c8f1c8243cb18040c66751a3b/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-13 15:11:17 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2jjwqzb5lgol35lmn22xsuc3h4q6jmamr4oieq6ldacayztvdi5q._file
Verdict:
malicious
Similar samples:
02b6b1f134e188ec672b2fa5a4c7013b77aaf4474fd0f99d31162625a45a5289
QuakBot
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
QuakBot
18a52a088f46ae8a4dbfc27760bdb3e22dda61ed353c8b8ff3dc16aaa1df4c43
QuakBot
24f828742baaedb176d3dba0bdf3d06682c174a9b46b35bf5d145ee57f2aa643
QuakBot
279c511ba3dd0151e5c969eeb34924fbdb4707d0ccd4d0ac36dc9f63324a7582
QuakBot
8d6d8351848925338ce65b442b5bc69872ee467c67e77692645549587eca04d7
QuakBot
9adfaa5b63a6a5456740d383e463055f47b796114675f0912e185638ad135d4a
QuakBot
a401e9208a31cca327a31ee872a258b358dbd276304625e461d46f5c656d5723
QuakBot
c118e4088bc5aaffebe7208df9f01da9d70ba625ba020c593723495c0954a203
QuakBot
e623ccc3e7951238e956cd57702bc2375b0649d5d550fb4ad29e24f6b9323adf
QuakBot
+ 1'249 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201113-6mgnlc1ns2/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
d25368643d599cbdf56c6eb579505b3f21e4b00c8f1c8243cb18040c66751a3b
MD5 hash:
0c4bd0bd6743f9ea0d716f86739fe3eb
SHA1 hash:
142374b68a2ee5f5a481f348a13acd2d707e44c7
Link:
https://www.unpac.me/results/162585af-70f3-40ae-abb6-c049f715dffc/
SH256 hash:
5493d1d101d82dde915faf0163fb420c3a9cd1d31146ef05d554844a142e9c25
MD5 hash:
ef93b08ed2b85b72148a47bbd88a714a
SHA1 hash:
e34a3921e96021a28a24267045a1c917a4152c24
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/162585af-70f3-40ae-abb6-c049f715dffc/
SH256 hash:
9dda7264d3399bc4899106d9ca51f8a76f9672fef80628c007f8ec200466e1a2
MD5 hash:
f96992f04420fee4fbc59a7a19282acf
SHA1 hash:
bf9007cbaeacc75448bc6ce881e999aa95d8c82d
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/162585af-70f3-40ae-abb6-c049f715dffc/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments