MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f16ce9d494986b9f5a386de9b3a9a691c7939db12d030daf87cbb4c5f299f315. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f16ce9d494986b9f5a386de9b3a9a691c7939db12d030daf87cbb4c5f299f315
SHA3-384 hash: ef1b2901d440a635b17dce6d58cfa623b44f0e355241b466550dd7ec16c945debdec333d373397af2a9c6c7c82a29131
SHA1 hash: 51f21f4e7c221057d079e26bea879c001055d2c4
MD5 hash: b1c4b5871624f3fdf083291eb8bdd35e
humanhash: hamper-snake-white-pizza
File name:Quotation Requirments data sheet RFQ 08162020.exe
Download: download sample
File size:591'360 bytes
First seen:2020-08-16 13:45:54 UTC
Last seen:2020-08-16 15:07:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:V0S+qaQK2FVuu0MwrAKBBx9VwNOzab6N6DqeJijXi:VwBAx0Mwrpwkuq
Threatray 46 similar samples on MalwareBazaar
TLSH D9C41223B8E49629D47D6F3A8850634463F172CAA611FB2CBD452EECD4A56C6C340FE3
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail2.asegi.es
Sending IP: 194.53.148.44
From: Afnas Khader (Bayouni Trading Company) <khader.afnas@bayouni.com>
Subject: RE: Urgent Quotation Request and Delivery schedule REF-AMI-08162020 COPY-4
Attachment: Bayouni Trading Company RFQ-AMI-0816020.r00 (contains "Quotation Requirments data sheet RFQ 08162020.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46452/
Detection(s):
SecuriteInfo.com.ArtemisB1C4B5871624.27211.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/432229
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f16ce9d494986b9f5a386de9b3a9a691c7939db12d030daf87cbb4c5f299f315/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-08-16 08:35:58 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6fwotveutbvz6wrynxu3hkngshdzhhnrfubq3l4hzo2ml4uz6mkq._file
Verdict:
malicious
Similar samples:
0d048612a3cb9e6113b539ce3bd2f08f56e604869cdb38edcf02400ae12c3a74
1f5f7921e3be739b51bead01306a9cc5dc7fec1dbc01a6784497de89afb6742c
37e399fce2caa80c9ea931f693b51a6d1c11464df1ead916cfca67f6100ad71f
69141d8c99ebc4e3298c2e7203d061fe46d3bd513e3f93498a9fe2753cd82b8a
77bb6489c1fd6c87f2ba80955211d0eef9be425d4e6076bd7280c6f87f9f3300
7811b5864571348651746538905398e08bc9a5a11d6cb27ff6dd7a970be77741
babb19e7cb06c97942ebdda46ddfe8435b8281ab8459080e0282485e02d587d4
e593655b5dafbbb4d5a991689b883d1304c8b653a714ec724d31c08ed37f13d5
ed847b13d7e0e4544eba48cd80e78a0dc002a8c46b3acb871113ad5be5f44916
f6fb0f9050f39e6c6b3441d6a71d0e975552093fcf77f1d45ab06ef9b1fd7691
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200816-rjav8cbjen/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/f16ce9d494986b9f5a386de9b3a9a691c7939db12d030daf87cbb4c5f299f315

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

r00 6ab5ddb93546f066163f85e31b484e8b777f4a6fef0f31aeea867dd30a16b850

Executable exe f16ce9d494986b9f5a386de9b3a9a691c7939db12d030daf87cbb4c5f299f315

(this sample)

  
Dropped by
MD5 84b752f3ef8e3343fa0b3878f7d94acf
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/46452/
  
Dropped by
SHA256 6ab5ddb93546f066163f85e31b484e8b777f4a6fef0f31aeea867dd30a16b850

Comments