MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2054c3ef530c59f98144021367033dabf8e2201c11ca12d270fb28e36754c22f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2054c3ef530c59f98144021367033dabf8e2201c11ca12d270fb28e36754c22f
SHA3-384 hash: df1d4ddf045a3e202dc5a3203b8d1ea2d19356e97a19f2b851b013d5c0278e9ac55526a88216356111861e7e8b365841
SHA1 hash: 331f3fbc65d812eae9462542857143d43aabf681
MD5 hash: 5682348ff92e0aae20a7163fe2fc9f73
humanhash: oregon-chicken-eleven-north
File name:Sree Nidhi-Company Profile and introduction.pdf.exe
Download: download sample
File size:544'518 bytes
First seen:2021-08-19 13:37:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 12288:BRZ+IoG/n9IQxW3OBse9Fzib6bjk+Zy+IO1FuokQHxFgytMsZV4v/nh:p2G/nvxW3Wl06bjrypgoQrdM84vPh
Threatray 1'217 similar samples on MalwareBazaar
TLSH T127C4E001FEC15CB2D5F219355D64AF316D3EB9E00F28CAAFA398896DD9311C0A634B67
dhash icon d1d0e8e8e8f2f0cc (1 x RedLineStealer)
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Sree Nidhi-Company Profile and introduction.pdf.exe
Verdict:
Malicious activity
Analysis date:
2021-08-19 13:38:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/733dd2cb-ccc8-4c4a-8c46-8f4b59f7ce5a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/180715/
Detection(s):
Win.Malware.Qshell-9875653-0
Create hunting rule

SecuriteInfo.com.Trojan.Rasftuby.Gen.14.10239.27368.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating a file in the %temp% subdirectories
Launching a process
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/6044c5cc-c45e-4799-bd99-d1626fed8ff1
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/835831
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses an obfuscated file name to hide its real file extension (double extension)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 468262 Sample: Sree Nidhi-Company Profile ... Startdate: 19/08/2021 Architecture: WINDOWS Score: 72 30 Multi AV Scanner detection for dropped file 2->30 32 Multi AV Scanner detection for submitted file 2->32 34 Uses an obfuscated file name to hide its real file extension (double extension) 2->34 36 3 other signatures 2->36 8 Sree Nidhi-Company Profile and introduction.pdf.exe 3 10 2->8         started        process3 file4 26 C:\Users\user\AppData\Local\...\Company.exe, PE32 8->26 dropped 11 AcroRd32.exe 39 8->11         started        process5 process6 13 RdrCEF.exe 54 11->13         started        16 AcroRd32.exe 8 6 11->16         started        dnsIp7 28 192.168.2.1 unknown unknown 13->28 18 RdrCEF.exe 13->18         started        20 RdrCEF.exe 13->20         started        22 RdrCEF.exe 13->22         started        24 RdrCEF.exe 13->24         started        process8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2054c3ef530c59f98144021367033dabf8e2201c11ca12d270fb28e36754c22f/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-08-19 13:38:18 UTC
AV detection:
16 of 46 (34.78%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
275cd3c09afaacc06adbdbcd5c638b5894c81eca008446454864b537f54593bd
2ec6c6341ff83005a6515d942976d2092549312d419a29e59d0efb15d65749bf
3221c7c857b80fab3818cf1ea9435cef9626d84bd308d7a365e4e5089e5ef413
3d93d1e45579a47c3a3425fd16319c5a004396a2d98b7cf170ed009dad29c247
8eea00bd7d1db820c7a1b5622119b76944215e5803c2e8b772b9548e9ee91c66
b8338eda2c7390860da3bd4a37104b409235131406d9b4d30a78b5d4189cf317
d96b12587bf342e3a99493402b3ede54ef5b3f31ff4b09a6710f1443a66f2683
+ 1'207 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210819-zcxtpzszke/
Behaviour
Checks processor information in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Unpacked files
SH256 hash:
ff88eb7df05f242792f17784fac017b858a9a339abeead80a9216287daf53274
MD5 hash:
3f14e1639103810a86685ef1d7e63d1c
SHA1 hash:
02531b687336211a5f12b5bf756d57dfd2d264bb
Link:
https://www.unpac.me/results/fc51d5dd-9ae7-46cd-9e69-1484af6b13cf/
SH256 hash:
56161cbdae95574303aac1052725abc01af9d103159e1d196795398ad297ff5a
MD5 hash:
f5574bd857b7179ee45c5d72acb67a6c
SHA1 hash:
9583780e668a04610ba7be6991e41c1b87acd948
Link:
https://www.unpac.me/results/fc51d5dd-9ae7-46cd-9e69-1484af6b13cf/
SH256 hash:
2054c3ef530c59f98144021367033dabf8e2201c11ca12d270fb28e36754c22f
MD5 hash:
5682348ff92e0aae20a7163fe2fc9f73
SHA1 hash:
331f3fbc65d812eae9462542857143d43aabf681
Link:
https://www.unpac.me/results/fc51d5dd-9ae7-46cd-9e69-1484af6b13cf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.73
Link:
https://yomi.yoroi.company/submissions/2054c3ef530c59f98144021367033dabf8e2201c11ca12d270fb28e36754c22f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/180715/

Comments