MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2bad33dc7a242f8f6caef8130f6424fcb934a458370f156dd1094b99318cec9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2bad33dc7a242f8f6caef8130f6424fcb934a458370f156dd1094b99318cec9
SHA3-384 hash: 59ec8af0caeda6f6f9be2613919358eadafa34ff71255ed8d4d2afbe4c7c13da8763696b73e8fce8279ead94f92ad070
SHA1 hash: 921e6730b0fdaeab9313d1dfbbb0c006b4506233
MD5 hash: ca1b3d2be61f764fd4685d9662a9d051
humanhash: lima-network-alaska-juliet
File name:ca1b3d2be61f764fd4685d9662a9d051.exe
Download: download sample
Signature Quakbot
Create hunting rule
File size:271'360 bytes
First seen:2020-11-04 06:42:29 UTC
Last seen:2020-11-04 09:16:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 015974618e9105226f001019d35e62e5 (1'506 x Quakbot)
ssdeep 6144:zLfhdM/bXZswyI2D1WG59SLutUsrlc/o+W/:XvKbXWz1WGPes2h6
Threatray 750 similar samples on MalwareBazaar
TLSH 7044F12364758132F02603FB5DA6C6B20CAD3958553219CF2FDA178D472F5E29B31BEA
Reporter abuse_ch
Tags:exe Qakbot qbot Quakbot

Intelligence

File Origin
# of uploads :
2
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Detection:
QakBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/82194/
Detection(s):
SecuriteInfo.com.Trojan.QakBot.11.18191.17506.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f2bad33dc7a242f8f6caef8130f6424fcb934a458370f156dd1094b99318cec9/
Threat name:
Win32.Trojan.PinkSbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-03 17:32:11 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6k5ngpohujbpr5wk56atb5scj7fzgssfqnypcvw5ccklteyyz3eq._file
Verdict:
malicious
Similar samples:
03b08e1f0da12fc44226177999dc9f804413249672dfd5c9f965345710528b12
Quakbot
28073d4484050c1d52ea7be1a8c94a554387311529909fc451525872af5b1164
Quakbot
93d7865771c6ae73997ce1af134e475e436dd0eb3e44ac1a4c8ad6baec8350ef
Quakbot
9cc40a2ab38cb281445a46de0fae4760315b59c856c77f7f8bb20f98167942ab
Quakbot
9ea960fd878163f83b9712993d5d909fbff31601e76b54a4278a282c1526d835
Quakbot
9ee360f8f38d1210fc36149ccd8ceeeef1652345644e3b7cd979f2f3b38f67fc
Quakbot
9f90bdf9ba391e45d111d84c6f59f074410928c306feef877ee9e1a2e0668f16
Quakbot
a78c2c87982e0100377435c95455d4dce74699ab81c1a7f1981631c6d1800382
Quakbot
aab0cda9f1d257a3affd8ee4c8b7eb06369d598afa2a1daa3f0780851fc083cc
Quakbot
e55c191f081d06d46846f73db4d847c3a08da2a517b70ee119f2586c308ebd1d
Quakbot
+ 740 additional samples on MalwareBazaar
Result
Malware family:
qakbot
Create hunting rule
Score:
  10/10
Tags:
family:qakbot banker stealer trojan
Link:
https://tria.ge/reports/201104-f4sbq835n6/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SH256 hash:
f2bad33dc7a242f8f6caef8130f6424fcb934a458370f156dd1094b99318cec9
MD5 hash:
ca1b3d2be61f764fd4685d9662a9d051
SHA1 hash:
921e6730b0fdaeab9313d1dfbbb0c006b4506233
Link:
https://www.unpac.me/results/49f3de07-b926-4e9c-bd89-7f891f736ca2/
SH256 hash:
1333f7645d3c553de03a368f98caab2b7df325df79c106268894eb8fb3b284a0
MD5 hash:
582664043c0a8622fb5499d58946e6be
SHA1 hash:
a69f08a380897bf7b7fa1b39357940d86c92e382
Detections:
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/49f3de07-b926-4e9c-bd89-7f891f736ca2/
SH256 hash:
b8a565b26d48fbea3432cdcbbe751b93d61867db9bf96e82b5c999912abe8a3c
MD5 hash:
1a276576b1b94c4b5d85dd95a4a0300c
SHA1 hash:
95cd4ae82478d4516143ee84b60b42f99856b78b
Detections:
win_qakbot_g0
Create hunting rule
win_qakbot_auto
Create hunting rule
Link:
https://www.unpac.me/results/49f3de07-b926-4e9c-bd89-7f891f736ca2/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Quakbot

Executable exe f2bad33dc7a242f8f6caef8130f6424fcb934a458370f156dd1094b99318cec9

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/82194/
  
URLhaus
https://urlhaus.abuse.ch/url/783104/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/783108/
  
URLhaus
https://urlhaus.abuse.ch/url/786758/

Comments