MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eddbd95e74a6d5f4afce54bc50a4eeb5767a70b2f3e88f2f2f4e8730745c2699. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 6



SHA256 hash: eddbd95e74a6d5f4afce54bc50a4eeb5767a70b2f3e88f2f2f4e8730745c2699
SHA3-384 hash: 3030343d28ddc90e67d135746afb0a937ad19f22b9a818fad26da8df3bd818790be352cc9286fdc2bfbaa5fe52c7938c
SHA1 hash: 37eac4e7d1f5d7f8299625f29ad32acdf7ecd4fd
MD5 hash: c0885d141b6ded9e8179db4e32d401df
humanhash: fanta-chicken-lake-failed
File name: bcd3b60fc7dde1d2fd981861b1741e3d
Signature: QuakBot
File size: 1'094'120 bytes
First seen: 2020-11-17 15:12:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ba5c263c6125faae2c597950f7826711 (27 x Quakbot)
ssdeep: 12288:4qflDFoKNF6cNNHCW8k45hox9l7pUHTX6EQ2Xbhj:40nEcNNHCWZmO7aHXNbV
TLSH: 0F35011BE1E35BCBE483417C59E290BA9532EF8DDB1BD47B2A18F0D871B63C5851E604
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Running batch commands
Launching a process
Modifying an executable file
Delayed writing of the file
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-11-17 15:22:02 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash:
eddbd95e74a6d5f4afce54bc50a4eeb5767a70b2f3e88f2f2f4e8730745c2699
MD5 hash:
c0885d141b6ded9e8179db4e32d401df
SHA1 hash:
37eac4e7d1f5d7f8299625f29ad32acdf7ecd4fd
SHA256 hash:
1681654bc3c066f985db783d44e10a54ef24371d031a08f3410d66db62a60442
MD5 hash:
2178b81d58acaf4f52ea5a25b7854f80
SHA1 hash:
6e54990ae6a5599becf8bd77f50a6ba7bcf4f454
Detections:
win_qakbot_g0 win_qakbot_auto
SHA256 hash:
b70de9d1ca675a554b9baa20a059d6e5f035a58723b9ba259247236a379a14b5
MD5 hash:
830cb637dab9b28085c41c718f7cdd3e
SHA1 hash:
93ea1769ac375e2a40a005a1976802cd84a4f98c
Detections:
win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other