MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2080069691d3e6beca8a9a24dd9c8284d4cd09738fab103b91497377a0f84aa3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2080069691d3e6beca8a9a24dd9c8284d4cd09738fab103b91497377a0f84aa3
SHA3-384 hash: ad1913a283ee6748b5ee6f64d222495922a86c77ae82803f47b61b124f6298fa0e5aa0e24ecc913f596cdf64031dd2c4
SHA1 hash: 1b394638a6a4348024fdfa4a39fef5a37cb4c94c
MD5 hash: e9c6cd26bfe85bd271f8e183511828c5
humanhash: colorado-river-juliet-july
File name:Mzuqtuia.rar
Download: download sample
File size:832'639 bytes
First seen:2022-10-25 11:58:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:o0kInqVQzzU8CMxRArx9MMn850GNBvOXQTbITZB7k:Bnn7FyKl2XQTAZBY
TLSH T1CE05336EBDC7A1DC8CE056ECC5CE3F9277B7E00510F4730DA81966957A1208A3CAAD67
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Zainab<brt.tho@pescadoswear.com>" (likely spoofed)
Received: "from mxcvmutw.pescadoswear.com (unknown [92.52.217.173]) "
Date: "25 Oct 2022 01:43:44 -0700"
Subject: "Purchase_Order"
Attachment: "Mzuqtuia.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
163
Origin country :
n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Mzuqtuia.exe
File size:1'716'736 bytes
SHA256 hash: db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d
MD5 hash: 1305439ddafde5db447c466b99b695cd
MIME type:application/x-dosexec
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2080069691d3e6beca8a9a24dd9c8284d4cd09738fab103b91497377a0f84aa3/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2022-10-25 03:38:45 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
18 of 41 (43.90%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ecaanfur2ptl5suktisn3hecqtkm2cltr6vrao4rjfzxpihyjkrq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
collection spyware stealer
Link:
https://tria.ge/reports/221025-n46ggacfcj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/2080069691d3e6beca8a9a24dd9c8284d4cd09738fab103b91497377a0f84aa3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 2080069691d3e6beca8a9a24dd9c8284d4cd09738fab103b91497377a0f84aa3

(this sample)

Executable exe db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d
  
Dropping
MD5 1305439ddafde5db447c466b99b695cd

Comments