MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0238fa5e168fae05b5b3233df17c72531e906226ba85ac948809265d840dbde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 8



SHA256 hash: f0238fa5e168fae05b5b3233df17c72531e906226ba85ac948809265d840dbde
SHA3-384 hash: b6d962c07d3b9f5f6ccda9c19fb1ae08cbf8d9ef9c87ad50eb1ce8a6cf394d929a2c44c5dcc1795872f8abbc2f76e4db
SHA1 hash: f6f50f5c53147876e25b6a866819ead832182144
MD5 hash: 7ac8998f4952b33ef13710e349d76a6e
humanhash: jig-comet-paris-ohio
File name: 7ac8998f4952b33ef13710e349d76a6e
Signature: QuakBot
File size: 217'600 bytes
First seen: 2020-10-26 15:20:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d0d79b318bc431dac712bdbc2f416a4f (30 x QuakBot)
ssdeep: 6144:Lbnkh/mOzwhLo4opHFpEVfjeAIDNafsQ0YPXf+:e/PwhL4pHMgvQP
Threatray: 728 similar samples on MalwareBazaar
TLSH: C22401E5034889B9F8B877F51EAC13B2C527ADAF038D24C8274367C593215B67722EB5
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-10-21 06:35:39 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: trojan banker stealer family:qakbot
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
