MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf
SHA3-384 hash: a76a0ed7698323ff3e67656b7fad03c1abed310f9520ad379ad63314b5923ccb30d2efc9d33f4c60626c24f4d2738989
SHA1 hash: 5d6cf4f0adf171dbf037c510b832d2479115ccfb
MD5 hash: b649cfb75c80a2007de27dfa415ec12e
humanhash: cardinal-magnesium-fillet-oranges
File name:Singapore supply Quote#142574RWD Co, LTD.xll
Download: download sample
File size:709'120 bytes
First seen:2021-10-20 02:51:51 UTC
Last seen:2021-11-07 14:22:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 12288:Qn/zDvGHAykHSzLW/4+8bzbBSreMdVLOZBVCjeEQGW9qsVK1vzJTwHEmGiQttB5o:CzbGHAzHAjX1T35VP
Threatray 12 similar samples on MalwareBazaar
TLSH T1A0E47C56F3D7EAA1E7FE43BA85B149184372B4624231E78E668071CD2D23381993DB1F
Reporter GovCERT_CH
Tags:exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
202
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://capital-spherocyte.herokuapp.com/b?y=49ii4eh26lj64cj26lj36dhi69ijgcpg61h6ae9i6cqj0dh25gh748hq49k78t3gect2ubrhedj6ir35edq6usj1ctiisojcdth2sorfe9iistr9dpi6utrj5pn6at1fd5n76t31dhm6asjj5t8napbif59n8rridl9mat3le0n6au3548======
Verdict:
Malicious activity
Analysis date:
2020-11-17 03:19:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/339beba3-889a-4106-a77e-094bbfc49899

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/198685/
Detection(s):
SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed packed
Link:
https://www.filescan.io/uploads/616faf6ca9d585e6d52e4744/reports/9efe707c-9e35-441e-9a48-f4cce30897be/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/8a0659ee-e825-4a84-85d1-ee8e8de3bb06
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/873582
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fs6p34gyeopnqoj7hvgj7fsbx4b2u6dkj54bjxhwfpoymm7xlo7q._file
Verdict:
unknown
Similar samples:
26b28023d8a2abed6b305a6ca837d25e4aeeec4fd43a07380fc4f61a38d660fc
66d55774ddc3c2e2a33f3158adc526bd703def0eef939c1e72956ae7256f0dd6
6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
6f6022a7213a133fb217d60dc3ef39feeb11757d0ef35e5f3c94063557a171e6
7a6f8590d4be989faccb34cd393e713fd80fa17e92d7613f33061d647d0e6d12
7b05d46b12945a754e07915535b5c977078818b088ce5de1a31ff40b3c2bef61
a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe
df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16
e700a5c4c0969393e63617581e5480c35b77cfeee506c6701775b8403d3fc24c
fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211020-dcqxlahebp/
Unpacked files
SH256 hash:
2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf
MD5 hash:
b649cfb75c80a2007de27dfa415ec12e
SHA1 hash:
5d6cf4f0adf171dbf037c510b832d2479115ccfb
Link:
https://www.unpac.me/results/8b7bc606-0af0-43f1-ae82-07b6ceb56731/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/198685/

Comments