MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1b63493892381c18662671b8eb024e242636f424a55ac7c9c520667c7bd31cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e1b63493892381c18662671b8eb024e242636f424a55ac7c9c520667c7bd31cd
SHA3-384 hash: d6a35eb82d7653ac53648842a391ab86ce19cc185c3cc5defd9fe4759bb3c144dc008702e1f90a89349b51f2198ae96e
SHA1 hash: a59192f14e95a16321b29f4b366813134438d09a
MD5 hash: 2fe6037bb007b5db09f7538a579c4187
humanhash: bravo-hydrogen-seventeen-cold
File name: EES RFQ 56-34___PDF.zip
Signature: QNodeService
File size: 10'208 bytes
First seen: 2020-06-30 08:44:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:vAsTCLq5lLE3Y4GL0tQ64Ac4IpLkxXTx3Rh5NI+bbEow7VjATGN2u4mOk:YZLq5lLE3Y4y964AcpkxDxhh534oUmu1
TLSH: 2F22B055CA65CA1244B0683B380EDF50E689BB20F838F5D2DBA75E4C4540695A24F8FB
Reporter: @abuse_ch
Tags: QNodeService qua zip


Twitter
@abuse_ch
Malspam distributing QNodeService:

HELO: tornevall.org
Sending IP: 139.99.90.95
From: EES - SALES <sales@ees-oman.com>
Reply-To: EES - SALES <sales@ees-ornan.com>
Subject: EES RFQ 56-34
Attachment: EES RFQ 56-34___PDF.zip (contains "EES RFQ 56-34___PDF.jar")

QNodeService C2:
https://dde.bounceme.net

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 29
Origin country: FR
ClamAV: SecuriteInfo.com.Java.Kryptik.D.genCamelot.24496.UNOFFICIAL
        SecuriteInfo.com.Mal.DrodZp-A.20957.2793.UNOFFICIAL
CERT.PL MWDB: Detection: n/a
Link: https://mwdb.cert.pl/sample/e1b63493892381c18662671b8eb024e242636f424a55ac7c9c520667c7bd31cd/
ReversingLabs: Status: Suspicious
Threat name: ByteCode-JAVA.Trojan.Drodzp
First seen: 2020-06-30 08:46:05 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
VirusTotal: Virustotal results 4.92%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QNodeService

zip e1b63493892381c18662671b8eb024e242636f424a55ac7c9c520667c7bd31cd (this sample)

Dropping: QNodeService
Delivery method: Distributed via e-mail attachment
