MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 fc7a4edf9d9984d4a53b4296f0d0160436144bc5631b8c5b445a86f3bfa9ff61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 10
| SHA256 hash: | fc7a4edf9d9984d4a53b4296f0d0160436144bc5631b8c5b445a86f3bfa9ff61 |
|---|---|
| SHA3-384 hash: | e4eddfee2f77042ea23daf6fcc55496027ad87e0b49aa37b55041e167a3935a54d3e14708777d51a469ce005464a2aa5 |
| SHA1 hash: | ffe67aa469ab7b96d5699c06860eb5c082aecb7f |
| MD5 hash: | adf336da1b88a72ae2390bf687bd26ab |
| humanhash: | fifteen-leopard-alaska-twenty |
| File name: | adf336da1b88a72ae2390bf687bd26ab.exe |
| Signature | Quakbot |
| File size: | 317'208 bytes |
| First seen: | 2020-12-22 08:36:11 UTC |
| Last seen: | 2020-12-22 09:22:42 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | c47f4da539f23c99fb8c6c893e2f0be0 (1 x Quakbot) |
| ssdeep | 6144:JlQ69UUJaY+pw4NbmIQytw+rWRUbus87fORzNmDGMQz9OGr3YRYfL:JlQfcaWWm5uNuVrAM0ObYT |
| Threatray | 11 similar samples on MalwareBazaar |
| TLSH | BB648D5B5137250CCC32B9FD35C50F1EDCA0C4A546265B6219FBF532EEA4D0AE8A837A |
| Reporter | |
| Tags: | exe Qakbot qbot Quakbot |
Code Signing Certificate
| Organisation: | DREVOKAPITAL |
|---|---|
| Issuer: | Sectigo RSA Code Signing CA |
| Algorithm: | sha256WithRSAEncryption |
| Valid from: | Dec 16 00:00:00 2020 GMT |
| Valid to: | Dec 16 23:59:59 2021 GMT |
| Serial number: | A03EA3A4FA772B17037A0B80F1F968AA |
| MalwareBazaar Blocklist: | This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB) |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | 6D4DF6C6889779C1710E4B4AF44063F92D2393473EFB3CAA7BA77C322683C957 |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
| # of uploads: | 3 |
|---|---|
| # of downloads: | 428 |
| Origin country: | n/a |
Vendor Threat Intelligence
| Malware family: | n/a |
|---|---|
| ID: | 1 |
| File name: | info-5.xlsb |
| Verdict: | Malicious activity |
| Analysis date: | 2020-12-21 20:42:14 UTC |
| Tags: | trojan loader |
| Note: | ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample |
| Detection: | QakBot |
Detection(s):
Result
| Verdict: | Malware |
|---|---|
| Maliciousness: | |
Behaviour
- Creating a window
- Creating a file in the Windows subdirectories
- Launching a process
- Modifying an executable file
- Creating a process with a hidden window
- Sending a UDP request
- Unauthorized injection to a system process
- Enabling autorun by creating a file
Result
| Verdict: | MALICIOUS |
|---|---|
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
| Threat name: | Win32.Infostealer.QBot |
|---|---|
| Status: | Malicious |
| First seen: | 2020-12-21 16:48:25 UTC |
| File Type: | PE (Dll) |
| AV detection: | 24 of 28 (85.71%) |
| Threat level: | 5/5 |
| Detection(s): | Suspicious file |
|---|---|
| Verdict: | malicious |
| Similar samples: | + 1 additional sample on MalwareBazaar |
Result
| Malware family: | qakbot |
|---|---|
| Score: | 10/10 |
| Tags: | family:qakbot botnet:tr02 campaign:1608203954 banker stealer trojan |
Behaviour
- Creates scheduled task(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Program crash
- Loads dropped DLL
- Qakbot/Qbot
Malware Config
C2 Extraction:
Unpacked files
| SHA256 hash: | fc7a4edf9d9984d4a53b4296f0d0160436144bc5631b8c5b445a86f3bfa9ff61 |
|---|---|
| MD5 hash: | adf336da1b88a72ae2390bf687bd26ab |
| SHA1 hash: | ffe67aa469ab7b96d5699c06860eb5c082aecb7f |
Please note that we are no longer able to provide a coverage score for VirusTotal.
| Threat name: | qbot |
|---|---|
| Score: | 1.00 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method: | Web download (distributed via web download) |
|---|---|