MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 014559c2c1065356e11d627d00585941b39ee3b5cfe37f1063dbf03433084faf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 014559c2c1065356e11d627d00585941b39ee3b5cfe37f1063dbf03433084faf
SHA3-384 hash: 56c0b3f6f3fec36eca4512cfced543bc484c9eb3283e0f7240644791a89361161c1f974ca16dd3d08e5778971c6b6c26
SHA1 hash: de356a11921a5528211f9e0b557f5d052cc6818e
MD5 hash: c5636c3ff832a9503a513ae18cfd3906
humanhash: butter-oklahoma-east-oregon
File name:RFQ2.exe
Download: download sample
File size:1'795'176 bytes
First seen:2021-01-19 17:48:46 UTC
Last seen:2021-01-19 19:55:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 49152:kNRwz0mSzHug688RFBpiLxZqwRjQZX+SzQ4iEEE0kXqC9ZLD5sgYGWqxcGCGG8:vn
Threatray 27 similar samples on MalwareBazaar
TLSH C2850E924D9F9A4CDA33AC0C7FF6B03FC9807772BA3A806D15B21A426397D949BC1D15
Reporter abuse_ch
Tags:Endurance exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: qproxy1-pub.mail.unifiedlayer.com
Sending IP: 173.254.64.10
From: YASIR <Account@transfopam.com>
Reply-To: sjrkintluea@gmail.com
Subject: Request For Quotation
Attachment: RFQ2.gz (contains "RFQ2.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ2.exe
Verdict:
Suspicious activity
Analysis date:
2021-01-19 17:53:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/95da6b7c-cb05-49bf-ab1e-19a13d55ba00

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112960/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.24927.25999.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/585402
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/014559c2c1065356e11d627d00585941b39ee3b5cfe37f1063dbf03433084faf/
Threat name:
ByteCode-MSIL.Trojan.Malrep
Create hunting rule
Status:
Suspicious
First seen:
2021-01-19 10:43:01 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=afcvtqwbazjvnyi5mj6qawczigzz5y5vz7rx6edd3pydimyij6xq._file
Verdict:
unknown
Similar samples:
20c29739cf2e559620a2e7a8f5aab950bddd7ffa67df5dc628081d3f123efe90
3bc677cc5b49e7b46557a8ae8989658466afe3f62926c720499a90875760280d
4068c9a37394e76960df6bb73d88760be0371af77a12816346f241d5b1ce1233
495955225d3f8b7ee34f7f194685ac06621f177e25aca6bde09d038b0a2afd74
58d196d8831863734a9a52f66ca3a52cafdf0355379567897433c4ef7b6fe421
5adf963b1c92ba79a5003d87943b4cb6c8a72fb9db63d8922c43f6631ad27995
c52ace76d94d2c7687a8c4bd529f86c343c05cc388df75432736b1c384f8677e
e7b1ad88e518117bed32f9ff14ae294d579826cee660c49cb58d48d59133a523
e7b8c782d225ac304d03ac431fe7665f365612d7230e6ec703c85682b52d3acf
f08283e69eef4b48bec25a82962517ead7c998619d431b6b9eb9b227ad520e84
+ 17 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210119-kyc8vn4cta/
Unpacked files
SH256 hash:
3c14f06e1e8599d195c3fde3e41898ba910c4e894309791b21021c80b9aeb9d8
MD5 hash:
fbaf7deaf020c492773e6830cc6256a5
SHA1 hash:
64acfa2c9ac7a828733b333536fb90c35d0d51f9
Link:
https://www.unpac.me/results/e8c4127f-3896-4b86-b71b-fce6a402ec00/
SH256 hash:
1f2639e8d68d513c6cf7ca84a7dd169f9f2383665c6acb6e8ddf1bbd32b71723
MD5 hash:
6081b27afc1b3f4e1e1be8da312b3e2e
SHA1 hash:
574998f4413f5a7c9bd00b118594f2b005a9c59e
Link:
https://www.unpac.me/results/e8c4127f-3896-4b86-b71b-fce6a402ec00/
SH256 hash:
014559c2c1065356e11d627d00585941b39ee3b5cfe37f1063dbf03433084faf
MD5 hash:
c5636c3ff832a9503a513ae18cfd3906
SHA1 hash:
de356a11921a5528211f9e0b557f5d052cc6818e
Link:
https://www.unpac.me/results/e8c4127f-3896-4b86-b71b-fce6a402ec00/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/014559c2c1065356e11d627d00585941b39ee3b5cfe37f1063dbf03433084faf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz b02f18ff02dc25ba07772ae4dcbec8ffb8e76b6411902d95cf380d70a940d78a

Executable exe 014559c2c1065356e11d627d00585941b39ee3b5cfe37f1063dbf03433084faf

(this sample)

  
Dropped by
MD5 d359def6cef9091c55d4336e175b948a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/112960/
  
Dropped by
SHA256 b02f18ff02dc25ba07772ae4dcbec8ffb8e76b6411902d95cf380d70a940d78a

Comments