MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0d2dc14d215014e1ebd9828a29a77de5e384a4a178ae785a915756501716e32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: e0d2dc14d215014e1ebd9828a29a77de5e384a4a178ae785a915756501716e32
SHA3-384 hash: d7f4be57e38485cfd74445df49cf2f032a6b6f686ce8b77967e7294f08ede25f3f7aa2076986a9ed027097e5963141cf
SHA1 hash: 3a0dd4badb04856a08e349584e46671f309eaf80
MD5 hash: d911f60dcbd502f574433fc3f45f1140
humanhash: king-mango-network-magnesium
File name: 923753.exe
File size: 261'592 bytes
First seen: 2020-11-25 17:03:40 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: fcb7e66723aeaab780b1c2b44639282c (1 x Quakbot)
ssdeep: 3072:O3BNzcIx2gLs5VVnvQYyLTUQHPH3MkKiXy4o+4z774L4yFpeQjLrmzht3WaM0A:OfXgB9yLTUQvH3nKiXtozvYpewrkRMv
Threatray: 1'328 similar samples on MalwareBazaar
TLSH: EC44AF79BA12DC12E6682BB062C36FD81E879AD93510510F59F15F9CBEEA3847C13BC4
Reporter: ffforward
Tags: dll Qakbot qbot Quakbot signed Školab s.r.o.

Code Signing Certificate

Organisation:
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: Nov 11 00:00:00 2020 GMT
Valid to: Nov 11 23:59:59 2021 GMT
Serial number: B8B58B6CFE395E338F3476D121E78139
Intelligence: 9 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: A3E4C97FE15C32445F1C603421B464D74A7FBE6DB23ED994AD7EBF17E77DC01A
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the Windows subdirectories
Launching a process
Modifying an executable file
Creating a process with a hidden window
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.QBot
Status: Malicious
First seen: 2020-11-25 17:06:09 UTC
File Type: PE (Dll)
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Program crash
Loads dropped DLL
Unpacked files
SHA256 hash: e0d2dc14d215014e1ebd9828a29a77de5e384a4a178ae785a915756501716e32
MD5 hash: d911f60dcbd502f574433fc3f45f1140
SHA1 hash: 3a0dd4badb04856a08e349584e46671f309eaf80
SHA256 hash: 2f90d572b1d449a524086d7f667183d3f65652ac255890e0e6b6a45b5462ae71
MD5 hash: 917f657d8a3dc25dc5b8219511624fbb
SHA1 hash: 32363973a8d01bfcf8d844ef37ca350d4d3b206c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DLL dll e0d2dc14d215014e1ebd9828a29a77de5e384a4a178ae785a915756501716e32

(this sample)
