MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 238949f4a8490590874e85fa02666a23acc31fdfeaf7d1e80dc7d26f7aa788a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments 2
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 238949f4a8490590874e85fa02666a23acc31fdfeaf7d1e80dc7d26f7aa788a4
SHA3-384 hash: 6916387829db9525b4b81b81e14624b53069e571d44cef9caed6ffd1b89396b1d30ab1e03de8ed853e66411d6757c225
SHA1 hash: 787f89bbb0d170cba37d97dc50209ec1b608fdda
MD5 hash: a9c2347575434b1ab2dd6db2fb742037
humanhash: india-nine-minnesota-massachusetts
File name:RFQ(pwd=unk).zip
Download: download sample
File size:485'867 bytes
First seen:2024-09-27 12:03:09 UTC
Last seen:2026-05-21 14:07:13 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:DobQ1gG4wM/QVRwRsUPF9TwY6U2FRyc+1caZdt:hyGtM/wRwX98rtDyl1cal
TLSH T136A423B9D1FD798FA839A63879393C56ADCF5C893B0580C31C80525D64FB7F35886A84
Magika zip
Reporter TomU
Tags:password-protected zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
138
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:RFQ.exe
File size:0 bytes
SHA256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
MIME type:inode/x-empty
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs1280.UNOFFICIAL
Create hunting rule

Gathering data
Gathering data
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/238949f4a8490590874e85fa02666a23acc31fdfeaf7d1e80dc7d26f7aa788a4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/238949f4a8490590874e85fa02666a23acc31fdfeaf7d1e80dc7d26f7aa788a4/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-09-24 21:36:26 UTC
File Type:
Binary (Archive)
AV detection:
3 of 38 (7.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eoeut5fijeczbb2oqx5aeztkeowmgh675l35d2any7jg66vhrcsa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/240927-pbe99a1hqn/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 238949f4a8490590874e85fa02666a23acc31fdfeaf7d1e80dc7d26f7aa788a4

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments


Avatar
commented on 2024-09-27 12:45:20 UTC

[email body]

Good Day,

Please quote your best price as per attached RFQ file.

Your immediate response is highly appreciated.

For any information or clarification, please do not hesitate to contact us.

Best Regards,

Madiha Rasheed
Sr. Sales & Application Engineer
Techno Group Pa kistan
513, Westland Trade Centre,
Block 7 & 8, Shaheed-e-Millat Road.
Karachi, Pakistan.
Ph # +92-213-439335-6
Cell # +92-333-312339
Email: madha.r@technogroupllc.com
Website: www.technogroupllc.com

Avatar
commented on 2024-09-27 12:20:45 UTC

related tweets:
https://twitter.com/c_APT_ure/status/1806680805554421985
https://twitter.com/c_APT_ure/status/1839640014281433219