MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f37c950e329c221ccb6d9184d39e73e0b56924bec963e20766148b630dea93ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	f37c950e329c221ccb6d9184d39e73e0b56924bec963e20766148b630dea93ac
SHA3-384 hash:	97b0118f4f20f2ec12a431a26930c67f8bd6ad539c2c4fd6a0fe1bf9e9af47e5f205db6d065195b6af15c8a90af4321d
SHA1 hash:	aa66fc36cadb293bde8f675d5d43d2c28f679eab
MD5 hash:	bb62584b9838309fb13e405930ad6d06
humanhash:	mars-july-arkansas-fanta
File name:	SecuriteInfo.com.Variant.Graftor.722131.35.9782
Download:	download sample
File size:	1'928'368 bytes
First seen:	2020-03-25 12:06:27 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0493dd751761a397e3ee8228b754ac75
ssdeep	6144:8/JeE4PgrWYR0qL8NW8ZDRMD8ZHWJZ1kv4X7WyFy:8/QYrr9LZ8sD85wZj7Woy
Threatray	397 similar samples on MalwareBazaar
TLSH	5195E0E1187AC9DADC2C36BC72906694682B7E6D9FAC401D3F60C31C13AF9924F67179
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.Qakbot-7641365-0

Win.Dropper.Qakbot-7641367-0

Win.Dropper.Qakbot-7646363-0

Gathering data

Threat name:

Win32.Trojan.Qbot

Status:

Malicious

First seen:

2020-03-25 20:49:24 UTC

AV detection:

25 of 45 (55.56%)

Threat level:

5/5

Verdict:

malicious

191465daa926443b52e0ac1a5364c608c5adc54cdb8bac976e4b5938eeffd39c

45c2fcb5d1745df23fe1d235ca891158c85b5888bc5883e05a4a27ddadcde46e

60abb8176e0ea3f2f85fa12a931f61930e052110de2d5aef79c390d96f841f2f

7a67299805556f9cd973fc12c8a6baef293e8413ed035165a04394ec67c2cf4f

8d694c37617e5fd8daa8e445f74336486b5b408bf3c594b7070652ce9d11a33b

9305e5d027f97d6b30532a66de06b10c0d5a8b7cc9bdfe8b0bafaa5cff5bbc6b

d95f4ac839d1bfe15bef97a921d31b9f1eaa845b26c82ef9b9ab1e16ffde994e

e487ee74b25e8132ce00d0dc0d36f4314ef1c228762461136f65f6fb1814cd9b

f100cf6f88a1af42e3c6017e4bb70414214f81116504632f09686dc9188bca97

+ 387 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessA KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryExA KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetDiskFreeSpaceA KERNEL32.dll::GetCommandLineA
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CopyFileA KERNEL32.dll::CreateFileA KERNEL32.dll::DeleteFileA KERNEL32.dll::MoveFileExA KERNEL32.dll::GetWindowsDirectoryA KERNEL32.dll::GetFileAttributesA
WIN_BASE_USER_API	Retrieves Account Information	KERNEL32.dll::GetComputerNameA ADVAPI32.dll::GetUserNameW
WIN_REG_API	Can Manipulate Windows Registry	ADVAPI32.dll::RegOpenKeyA ADVAPI32.dll::RegQueryValueExA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample