MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9fb6ebe75834c2f22cef8ae63a568a7e1ac7c94b18fa8441ff5fe03e4e45db9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Quakbot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9fb6ebe75834c2f22cef8ae63a568a7e1ac7c94b18fa8441ff5fe03e4e45db9
SHA3-384 hash: 157e3b850d93a03675fbb8c98b2e10b7700b214a2f7b6a764d4cda67ddff563da173e8e4f6955b1d5d7a23850865c1df
SHA1 hash: d8540d6237f52f92da3cac284b9e9a5115b881f5
MD5 hash: 08bf1554f346299682808b67caffe147
humanhash: five-princess-lemon-whiskey
File name:SecuriteInfo.com.Mal.Cerber-AL.20869.6935
Download: download sample
Signature Quakbot
Create hunting rule
File size:2'093'568 bytes
First seen:2020-05-07 18:40:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9682eab8b5bf2987119d6d40fd971332 (7 x Quakbot)
ssdeep 6144:n77TbPD1Dj5YOQF2qTdGJ5zD7TZo6x87KT8Hb79lkrXhrYD1rS:n77HP5Djd+TOzD7dxI9c
Threatray 418 similar samples on MalwareBazaar
TLSH 5FA58B113DA9E515C45B163BE952C6181E286C1BA9E4450A32B3333DFA3FF27D89CB36
Reporter SecuriteInfoCom
Tags:Quakbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Cerber-AL.20869.6935.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Qbot
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 19:28:00 UTC
File Type:
PE (Exe)
Extracted files:
81
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7h5w5ptvqngc6iwo7cxghjliu7q2y7euwgh2qra76x7ahzhelw4q._file
Verdict:
malicious
Similar samples:
0c63faba52a07b325662821bd818f9a2f86e927ee9563c86ee832cb133d431b6
Quakbot
1b9837894612fe0677486e6d2511db13dd52889a5c325ab62895916c8d839e2e
Quakbot
256198016ae5ea450648d8a8786820e44099a79e967d8a7d0bbf92381084ec93
Quakbot
30294b7042b6e94b7ac7d2f6641b89017ace586f42143b3b61e4286e2c6e7af8
Quakbot
6833103ea9ce11c1a8deece38363ed984b60d736c9bf23f64fbb9ff9b8e6a8dc
Quakbot
7ec71cc6ad5841a4db6a15705ba7a68fc2c888426d3a0b56ac96f1c87bbdcdd9
Quakbot
9227048434aa9c943cce1d581e833a8c514f4e912722df425526673319de7317
Quakbot
b2935d876e7a339dcc29fb22cacd5052472a531b5d56f4c718ef70db298d9ef2
Quakbot
bf628980bb2c7ea76200a6eafd944db79f9aea0ac0bceeb3baef1e589ffc275d
Quakbot
da97d22eb7016e9daa46962d9c6eb47d9227ad534a996531b793cd00f71b36a0
Quakbot
+ 408 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7ts17nykzn/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments