MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d74e55accbca02508e6825814f30ad6d6963c54c85bce1329c71caffff83636a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 7



SHA256 hash: d74e55accbca02508e6825814f30ad6d6963c54c85bce1329c71caffff83636a
SHA3-384 hash: 554301865706454fa80b2fe5433be55660497e8f799a3acd7ef774137efc94b4e7899b6926397a358eb1516263b98fb5
SHA1 hash: 7c523dfce920d3696644041c8f0527da75585e80
MD5 hash: 0cd7647ef7f5087768942013aa0f17ae
humanhash: diet-yellow-jersey-pasta
File name: d74e55accbca02508e6825814f30ad6d6963c54c85bce1329c71caffff83636a
Signature: QuakBot
File size: 261'072 bytes
First seen: 2020-11-13 15:11:54 UTC
Last seen: 2024-07-24 21:56:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 6144:5awCRk4Z0Nhb4s6g1IILx4r37gCyljAyU:fGk4ZkhMil4b7XuU
TLSH: 0D44E14213E84444F86F66BA8C72C3601652BC91A77E6F9D1E84F36C5D32E72AFC471A
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 50
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-13 15:12:36 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files

SHA256 hash: d74e55accbca02508e6825814f30ad6d6963c54c85bce1329c71caffff83636a
MD5 hash: 0cd7647ef7f5087768942013aa0f17ae
SHA1 hash: 7c523dfce920d3696644041c8f0527da75585e80

SHA256 hash: 06cb6772e20aa43b4c1aae615a85068c76354c0da1b359ff2759cf3cc603fef6
MD5 hash: 4cf0852e8702d2f14a937b597b81af68
SHA1 hash: 601a94ff2b691bd5fdc1e3050b9a21a9c262d233
Detections: win_qakbot_g0 win_qakbot_auto

SHA256 hash: c323d13533b677727ef9221e9f64d242d0d6d739ff62611d4c24b97e2b8a74aa
MD5 hash: a29a1c119ff0f4e7eeae73a412b86e2f
SHA1 hash: dec486ccc0e6bcede0c2c02278aaf3d5c7a7fc62
Detections: win_qakbot_auto
Parent samples:

Note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments