MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d67dd0956d44061123dd00a1146c932dde86ccf903912f96c5bec30a2f9c831f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuakBot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d67dd0956d44061123dd00a1146c932dde86ccf903912f96c5bec30a2f9c831f
SHA3-384 hash: 564a7014f3710f50188143afbdb62337c27498042aeb57b4f85526768c8e81d0b5f181f7a8e4b7cda4d3c0cf0a7245f1
SHA1 hash: c57426fa35e36220ddc48950c962f95dee6dbe6e
MD5 hash: b063e6f64f2de7c7c0b12207955a3620
humanhash: spaghetti-network-fish-nitrogen
File name:d67dd0956d44061123dd00a1146c932dde86ccf903912f96c5bec30a2f9c831f
Download: download sample
Signature QuakBot
Create hunting rule
File size:1'084'416 bytes
First seen:2020-11-05 22:22:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35a855d20d45e9c84f5bd029dd388 (154 x Quakbot)
ssdeep 6144:KRawthaHqZIMRD83d5kFICdy2cs1NbDEWZ31EylEgf9RItjKkuGInR+HlZzmr6Mh:KR2qZtOzxn2cZ+aKTrUhulLhJ9FCe
TLSH 463512D7F9BC8471CAED287F89A3523C968589E85D05D10B073869BDBDF3200BE9644B
Reporter seifreed
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
n/a
Vendor Threat Intelligence
Detection:
QakBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/85094/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.tz.13628.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d67dd0956d44061123dd00a1146c932dde86ccf903912f96c5bec30a2f9c831f/
Threat name:
Win32.Trojan.QBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-30 10:16:16 UTC
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2z65bflniqdbci65acqri3etfxpinthzaois7fwfx3bqul44qmpq._file
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201105-z19xjez9as/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
d67dd0956d44061123dd00a1146c932dde86ccf903912f96c5bec30a2f9c831f
MD5 hash:
b063e6f64f2de7c7c0b12207955a3620
SHA1 hash:
c57426fa35e36220ddc48950c962f95dee6dbe6e
Link:
https://www.unpac.me/results/cbb06ebd-277c-4721-b935-7695e178a7ea/
SH256 hash:
b2245e70317ec7dcf7eeec79ce69303c70c9e8ce0e735f58be4a3cbd9a1aa32f
MD5 hash:
1cdef31263a0d2d690a3234795b357da
SHA1 hash:
6d9987126a98e89d72cc6ffbdf62065b3a319abe
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/cbb06ebd-277c-4721-b935-7695e178a7ea/
Parent samples :
3ca3e5b6d16a79254fc3a225630ba6ccce14af026d05a7d07d52035f556c2743
cbea93d2d24af4fa47dfa9e359a44452f31bff6d65f194cc720684e48a2c90f5
ce42bacf0b5fc43144e33f10aeb9de744de818f85dc44da62b05e64204c42580
73d8eec4558786e302ac9d8d4252a60eebdf4f66eec9925b58d437dbaa5d826e
96e21a6d02770fdff74ac912154f8c7c7a934d7236360485920c8550fa0050a1
18c4314cf758c6745a883c8281c46307e0101974e1d3604fb59b0e806725e5d0
74e832a79ffdd9830db4eb1acc11150a3be94d1ea3665138c9454bd066dd0f95
198f84cee0dae79cda9db5518ba28e2b23000f2fb5735b0dad188bc5972a5afd
ff996f55536de7a67bd73ad8bc3d79a2b39fbacf097c4c506fc7ec0093892588
279a8de5e39df1db685c2c3f3a7ef24ce3a080f485ef4258f3af544ba3f0a170
4dece4f8f1843e688841d1af9c4bf04ae4750c45ab6ab1aee6c8e584882fa6e1
3ce99c8cb67713268cb97548c173ebbd2e9a78b8d2e2a313aafdf84fb1bb109f
3a170ddf4a5187f7bdb2ebe0d2bb50f1628efe9aa17cb79691fdc7b639c20983
f807aeb37f1d5ae92f3c526b1671f6de8ee9071a6b095f1578d535574445d935
80409175a0c0b823892302d5fe864b8cf8e7adcf7c3224cdfc42d3440089f56c
d1ae43466c5c168ce5f6b08a8b1cebed1c50c4e830f5d4d8edb3b0a1707637ba
48a5c7982d3a0aad3a316d391be806bf4518a3914e6304ca23791b1a96f7a696
333e420c622641ce1d0e90836e2d6de9512a8668f36b29bcee286d0dc0362ad4
c648cdade25de484dd01fb660e5b6a0b5c04ce2f8e39fc3003d66f7ceecf8ba3
55b595b2b235716148d0d97ec9e206b5236ef4eb50fc319076d7dfe12e9f31f8
3889e86218b5cd959cc18ea5c14d669b72abf79e16553c250f783f0570da5325
c8d8dac841ae4780853d4e077265967a55ba5327cc7a6097fa88db11f09cc8d4
e765e101f19ac53b1ac1796e8df871a3317c139d2cf9963f0b9ce4877c6a34b4
18e515b87f2113e0cb01aee82cde91912f49ef2bae35a25370d4450f760f4c8d
e7ee18860de04ba320ca073bc31af13d7ad12243b6e50ee56e203e082d4fe2bd
d09d81afbfbf62c6c9ec7deb3c05c699b909c4272698eee14fa21fc09b13c747
efaf18151dcff71f99c514983e1422c7a55db5bdaaac3c01577154f7602f8394
a3326f70eec68273df75df9e431840627ac8c1c4f04be69e6765389effa3170c
2ce0e3f6bcfd706d3b2776301557a2dc3848a2327ad7466f84d8001f15004690
ac7b9830f90d43ca657e76d9d61fd9efbee50ebe1ad5862e35ffdecb7562ebf9
80d310a88b41d69098d4ad67bd64724933bde084e7a55ebde5e3c73664e49e5e
3657746febac3e11b3a87644b383881675bc2059157a82023d4b5b1cd0b09e3c
d67dd0956d44061123dd00a1146c932dde86ccf903912f96c5bec30a2f9c831f
e911a974637256342c4378618b9e0e62f1d77566520977f9f06d03a9f77c94dd
81d9bb47df5527528498454b8e3c657e799a9b253a14e73071bd4a00806456f6
1d4a1f599a48fa710927daeef32a4e509000d2c13cad1bc0b078be9ac0fa2fa1
d1398bbc8382f2b58a852161106c3a1af471ba4df0afe4f8043bd6d711e3abef
ba8b76fe44cfecb234e2ea47adc293fb4e8a7c62119776aab010c2c87500871f
88d2abc1412d8534cf237378933598cd02179225691a298c65e871e77a12de25
36332a5fe3b04f637b3a281c848df93631b6ffe81a969350a5ec73de4d442831
224a2648a7943386f7b3b6b9f22d87d8c7fec9466cffe24a77f17d7a621b8a79
12a33b4cbaa8523b49fbf03ce5ac773e1846660662a0ca67b7dae618606e6ae4
b47d309f16f635798176c9d24035d0bc145b580512adb81191f0ce8684b8b9d5
8d6d8351848925338ce65b442b5bc69872ee467c67e77692645549587eca04d7
43ba9c85b598b5cfcd1fdff00351fe461ab214b1a2b00efcf45f429b5893b0a1
7e0e9f3a1f1bae034cd67784a804dd40375c5b738f7083c9e337197a296425ef
d87d94fd2a6dc33fa5a443f18dc996b513d565d0edd88a88bb322c53f9111aca
SH256 hash:
bba6b9427da416ae16da1932e5bebf21d80bc9aabf3416fdbde9439c35569a93
MD5 hash:
afee498d4c1181501c226fcd56fae966
SHA1 hash:
c0252b391136bb0e4e2e3f3d1815fe387ad6e1ce
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/cbb06ebd-277c-4721-b935-7695e178a7ea/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/697985/
Cape
Cape
https://www.capesandbox.com/analysis/85094/

Comments