MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e974ab9ade4dd9b829261ce5d0819a159f620f9d8647e6ce95ef4c82f2220b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 2e974ab9ade4dd9b829261ce5d0819a159f620f9d8647e6ce95ef4c82f2220b4
SHA3-384 hash: e6d0e60c2cd9fbf5094b15f2f12cce9caa13f8f09b359389df04b08dcf5799628faf8f6f527187155920686cf959e3a5
SHA1 hash: beeac2e235f996327f983d0cc38bf6b30331b301
MD5 hash: 4cd1c8e7568d65109f822d2228441b96
humanhash: finch-gee-table-batman
File name: YÊU CẦU BÁO GIÁ (RFQ).exe
File size: 330'168 bytes
First seen: 2022-08-22 10:45:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6e7f9a29f2c85394521a08b9f31f6275 (278 x GuLoader, 44 x RemcosRAT, 40 x VIPKeylogger)
ssdeep: 6144:uMm4CCzQTMlM9vClgaFtf6lgFOdXNYlWN2VM1KsbL:uMw0c59oFtCGaEWNgp+L
Threatray: 4'199 similar samples on MalwareBazaar
TLSH: T14464BE42B742C8A7E8250771587BCA312363BE6DA951471F32D97A2B7CF3352146BB0B
TrID: 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
      10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 30f0ecb2dce6b04a (1 x GuLoader)
Reporter: madjack_red
Tags: exe signed

Code Signing Certificate

Organisation: Rabban Afparerede tridepside
Issuer: Rabban Afparerede tridepside
Algorithm: sha256WithRSAEncryption
Valid from: 2022-08-11T22:15:35Z
Valid to: 2025-08-10T22:15:35Z
Serial number: 11570710b53a00ab
Thumbprint Algorithm: SHA256
Thumbprint: dd447fe0be981535f79a97d96fa03070ad0dab5bd86e948e465fe5548dab32b6
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 245
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: YÊU CẦU BÁO GIÁ (RFQ).exe
Verdict: Malicious activity
Analysis date: 2022-08-22 10:48:00 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Suspicious
Maliciousness:
Behaviour
Creating a window
Creating a file
Searching for the window
Creating a file in the %temp% subdirectories
Searching for the Windows task manager window
Launching a process
Creating a process with a hidden window
Sending a custom TCP request
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: overlay packed shell32.dll wacatac
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID: 687975; sample: YÊU CẦU BÁO GIÁ (RFQ).exe; start date: 22/08/2022; architecture: WINDOWS; score: 48):
  Signature: Multi AV Scanner detection for submitted file
  Process: YÊU CẦU BÁO GIÁ (RFQ).exe started
    Dropped file: C:\Users\user\AppData\Local\...\nsExec.dll (PE32)
    Dropped file: C:\Users\user\AppData\Local\...\vsockver.dll (PE32)
    Dropped file: C:\Users\user\...\AEGISIIINVHelper.dll (PE32+)
    Started: powershell.exe (3 instances), each of which started conhost.exe
    Started: 19 other processes, which started conhost.exe (3 shown) and 16 other processes
Threat name: Win32.Trojan.InjectorX
Status: Malicious
First seen: 2022-08-22 03:28:37 UTC
File Type: PE (Exe)
Extracted files: 11
AV detection: 11 of 26 (42.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Loads dropped DLL
Unpacked files
SHA256: 5e66489393f159aa0fd30b630bb345d03418e9324e7d834b2e4195865a637cfe
  MD5: 4c77a65bb121bb7f2910c1fa3cb38337
  SHA1: 94531e3c6255125c1a85653174737d275bc35838
SHA256: 1ece965ac1a7410c56c47532a43dd7e5b4db0263a8dca53f0554f7ff16003a8c
  MD5: df3e949ba7901c3520698d403c7f1f5c
  SHA1: 6cd0bcdcd433cea81f90ecc1bf4e92e9a0d8fde2
SHA256: 2e974ab9ade4dd9b829261ce5d0819a159f620f9d8647e6ce95ef4c82f2220b4
  MD5: 4cd1c8e7568d65109f822d2228441b96
  SHA1: beeac2e235f996327f983d0cc38bf6b30331b301
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments