MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 108de1bd47a6c60e2ba5ec4d5b1e47f42bd4e6048fc09d940c441e26f8ee45dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 108de1bd47a6c60e2ba5ec4d5b1e47f42bd4e6048fc09d940c441e26f8ee45dc
SHA3-384 hash: ed2f066dec7ccc0b9a427f4196dbe66e2ba49eb2e1704c852db78569bb1abc66fb6dab2a92a7fa1309b8803853e9fec4
SHA1 hash: e7ebb6a9c1ad4a1c0339ea0cf7e40623bfeb97e9
MD5 hash: b7a0c66225697675e3e9ff45138c47ec
humanhash: uranus-tango-hawaii-zulu
File name: RFQ 87890024-30-06-2020.exe
Signature: n/a
File size: 817,152 bytes
First seen: 2020-06-30 12:05:34 UTC
Last seen: 2020-06-30 13:11:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 175f794d98c9dcb0b47ae1ab1087c22c
ssdeep: 12288:61JUuXUn6wUN4KSgqJ6wWska30/jgrTfz8BYnKFvkpzoMTK9tzxbz/gpY/I5J:qOPXUWD6wEc0bp8RoMTKTN4Y/I3
TLSH: 12057D22E2D28837D1732A7C8D5BB394983ABE103D7B58867BE50D4C5F396817C352A7
Reporter: @abuse_ch
Tags: exe


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: tabrospharma.com
Sending IP: 45.147.228.149
From: Mohamed Leonhard <regulatory@tabrospharma.com>
Subject: Re:Urgent Request for Quotation
Attachment: RFQ 87890024-30-06-2020.zip (contains "RFQ 87890024-30-06-2020.exe")
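The indicators in the tweet above (sending IP, HELO name, a ZIP attachment wrapping an .exe) are exactly what a mail gateway can check before delivery. The following is an added example, not code from MalwareBazaar or abuse.ch: it builds a constructed .eml whose headers reuse the indicators on this page (body text, recipient and attachment contents are invented; the "RFQ ... .exe" inside the ZIP is an MZ header plus zero padding, so its hash does not match the real sample), then triages it. The Received-header format, the `mx.example.invalid` host and the size cap are assumptions.

```python
"""Mail-gateway triage against the malspam indicators quoted above.

Added example, not MalwareBazaar's or abuse.ch's code. The .eml is
constructed here; the IOC values are the ones on this page.
"""
import email
import hashlib
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Indicators taken from this MalwareBazaar entry.
IOC_SHA256 = {"108de1bd47a6c60e2ba5ec4d5b1e47f42bd4e6048fc09d940c441e26f8ee45dc"}
IOC_SENDING_IPS = {"45.147.228.149"}
IOC_HELO = {"tabrospharma.com"}
# Extensions that should never arrive inside a "quotation" archive.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
MAX_INNER_SIZE = 50 * 1024 * 1024  # assumed cap: refuse to inflate huge members

# Topmost Received header as our own MX is assumed to write it:
#   from <HELO> (<rdns> [<ip>]) by <our host>
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def build_sample_eml() -> bytes:
    """Constructed message mimicking the malspam described on this page."""
    msg = EmailMessage()
    msg["Received"] = "from tabrospharma.com (unknown [45.147.228.149]) by mx.example.invalid"
    msg["From"] = "Mohamed Leonhard <regulatory@tabrospharma.com>"
    msg["To"] = "sales@example.invalid"
    msg["Subject"] = "Re:Urgent Request for Quotation"
    msg.set_content("Dear Sir, kindly find attached our urgent RFQ.")  # invented body
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Harmless stand-in for the real payload: MZ header + zero padding.
        zf.writestr("RFQ 87890024-30-06-2020.exe", b"MZ" + b"\x00" * 62)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="RFQ 87890024-30-06-2020.zip")
    return msg.as_bytes()


def inspect_zip(name: str, data: bytes, findings: list) -> None:
    """Look inside a ZIP attachment in memory; never extract to disk."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append(f"attachment {name!r} is not a valid ZIP")
        return
    with zf:
        for info in zf.infolist():
            if info.file_size > MAX_INNER_SIZE:
                findings.append(f"{name!r}: member {info.filename!r} too large to inspect")
                continue
            inner = zf.read(info)
            if hashlib.sha256(inner).hexdigest() in IOC_SHA256:
                findings.append(f"{name!r}: member {info.filename!r} matches known-bad SHA256")
            # Match on both the name and the PE magic: renaming .exe to .pdf is routine.
            if info.filename.lower().endswith(EXEC_EXT) or inner.startswith(b"MZ"):
                findings.append(f"{name!r}: contains executable {info.filename!r}")


def triage(raw: bytes) -> dict:
    """Return the sending host, IP and the list of reasons to quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    helo = ip = None
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(str(received[0])) if received else None
    if m:
        helo, ip = m.group(1).lower(), m.group(2)
    if ip in IOC_SENDING_IPS:
        findings.append(f"sending IP {ip} is on the blocklist")
    if helo in IOC_HELO:
        findings.append(f"HELO {helo} seen in known malspam")
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() in IOC_SHA256:
            findings.append(f"attachment {name!r} matches known-bad SHA256")
        if name.lower().endswith(EXEC_EXT):
            findings.append(f"attachment {name!r} is a bare executable")
        if name.lower().endswith(".zip") or data.startswith(b"PK\x03\x04"):
            inspect_zip(name, data, findings)
    return {"helo": helo, "ip": ip, "findings": findings,
            "verdict": "quarantine" if findings else "deliver"}


if __name__ == "__main__":
    for line in triage(build_sample_eml())["findings"]:
        print(line)
```

Only the topmost Received header is trusted, because every hop below it was written by the sender's side and can be forged; hash matching is done on both the attachment and each archive member, since the page lists the hash of the inner .exe, not of the ZIP that carried it.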

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 25
Origin country: US
CAPE Sandbox Detection: Phoenix
Link: https://www.capesandbox.com/analysis/17102/
ClamAV: PUA.Win.Adware.Slugin-6803969-0
ClamAV: PUA.Win.Adware.Slugin-6840354-0
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/108de1bd47a6c60e2ba5ec4d5b1e47f42bd4e6048fc09d940c441e26f8ee45dc/
ReversingLabs Status: Malicious
Threat name: Win32.Trojan.Injector
First seen: 2020-06-30 12:07:05 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage Score: 8/10
Malware Family: n/a
Link: https://tria.ge/reports/200630-4cat84rvtn/
Tags: spyware evasion trojan
VirusTotal: 33.33%

Yara Signatures


Rule name:CAP_HookExKeylogger
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:MAL_Envrial_Jan18_1
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:win_404keylogger_g0
Author:Slavo Greminger, SWITCH-CERT, Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Relationship: Dropped by
Parent MD5: 6857f29450812932219e398d3cbda94a
Child (this sample): Executable exe, SHA256 108de1bd47a6c60e2ba5ec4d5b1e47f42bd4e6048fc09d940c441e26f8ee45dc

Delivery method: Distributed via e-mail attachment

Comments