MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eeb4645f23f84d8aece99cb4bdb32f735e69582e5f84c451d87d1e2e21d1a5fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 3



SHA256 hash: eeb4645f23f84d8aece99cb4bdb32f735e69582e5f84c451d87d1e2e21d1a5fa
SHA3-384 hash: f98c722588c535043136d7d14463d109216a7bd5058b789c8aaa84cd6c441eabec376f228de85990d007a430c52fe0dd
SHA1 hash: 9bf453f13814727bb17a3fe2e33de9886c059135
MD5 hash: 98ae6e7fbcd391e42a2a36b7bd53f99e
humanhash: louisiana-magazine-avocado-edward
File name: eeb4645f23f84d8aece99cb4bdb32f735e69582e5f84c451d87d1e2e21d1a5fa
Signature: Quakbot
File size: 514'048 bytes
First seen: 2020-03-23 15:58:42 UTC
Last seen: 2020-03-23 16:17:56 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 50514e98aea891db18f88e586fa66a3e (1 x Quakbot)
ssdeep: 6144:RjkzwwtlG/HzP2v1vxT/7kv3tEHHCba9PH26rhJ7Ph5IYcpPE3YuHvzoEAFM8DQk:Rjl/L2vPT2a9PH2CLUFE3HHJhUz+
Threatray: 6 similar samples on MalwareBazaar
TLSH: FAB41252EB9A0775D55DAA3CD38F014ACC7C3E221E3142AB97A09A41E65F2674CB03FD
Reporter: Marco_Ramilli
Tags: exe Quakbot

Intelligence


File Origin
# of uploads: 2
# of downloads: 95
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Emotet
Status: Malicious
First seen: 2019-03-12 18:44:23 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Quakbot, Executable exe eeb4645f23f84d8aece99cb4bdb32f735e69582e5f84c451d87d1e2e21d1a5fa (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
AUTH_API | Manipulates User Authorization | ADVAPI32.dll::QueryServiceObjectSecurity
MULTIMEDIA_API | Can Play Multimedia | WINMM.dll::mixerSetControlDetails
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::GetStartupInfoA
