MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe1d763bd2c2c1c563a284e6e38c2e5eab5344c176bf9cf72eb1f4c33ffa0e1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 7



SHA256 hash: fe1d763bd2c2c1c563a284e6e38c2e5eab5344c176bf9cf72eb1f4c33ffa0e1d
SHA3-384 hash: f070704b086d1f754e290a6ec6868386398cb61e0e8d7de10878b862483fbbf04fc06a19895956bf76d3c4610f9454ab
SHA1 hash: cde9977154ff3546cdfd0842a9913b21a5ca1883
MD5 hash: b0956e0360e36036f89fdff4d9528a73
humanhash: robert-romeo-three-low
File name: b0956e0360e36036f89fdff4d9528a73
Signature: Quakbot
File size: 396'816 bytes
First seen: 2021-05-01 14:50:01 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 3e1f0fb4b54229dd240a1006f34727b8 (3 x Quakbot)
ssdeep: 6144:oWHgRUTixuu8njF/EeBfCFH7OE11J8JRO+njE2X2J/7vKsaM:oWYNuu8njF/EqfCFHyY1+lFGT
Threatray: 522 similar samples on MalwareBazaar
TLSH: 7F84BF7DAA22C877E2152FF162D35F980913A8F47660664F51B12F1E2EAD3C47C3AE44
Reporter: malwarelabnet
Tags: Qakbot Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 304
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Injuke
Status: Malicious
First seen: 2021-05-01 14:50:12 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Loads dropped DLL
Unpacked files
SHA256 hash: bdfa467549608b3447c749d2465d8db91a35ef3f9d51bc668677dcd6bf91cf0e
MD5 hash: 3303a3d18581df3af7e83c8291f16395
SHA1 hash: 848f49a2fc975b397040f13430a39d8a3bf723c8
Detections: win_qakbot_auto
SHA256 hash: fe1d763bd2c2c1c563a284e6e38c2e5eab5344c176bf9cf72eb1f4c33ffa0e1d
MD5 hash: b0956e0360e36036f89fdff4d9528a73
SHA1 hash: cde9977154ff3546cdfd0842a9913b21a5ca1883
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.