MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 347be975b764b78ec7860ee7c61c443fb63d6d330e7897acb8ac701cf37bb685. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 347be975b764b78ec7860ee7c61c443fb63d6d330e7897acb8ac701cf37bb685
SHA3-384 hash: 9bf2afb0323f9bb26c042daccf7af28eb46788681f2dee9156848c0a8ad7feb25aa0e176447aa4924963ba04cfe1e4d3
SHA1 hash: f08ee13771c5608b7e18087b8e3ffd2076a114e8
MD5 hash: 5c0efa906b43ad42826a5fa894fa8b95
humanhash: echo-arkansas-neptune-seventeen
File name:req.exe
Download: download sample
File size:198'968 bytes
First seen:2020-08-05 11:35:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:JSK8NJSej4T8CGzZRsD54iWSVWQwpjSqgvST00pmWOy:JwNEW4NKbsDbWSgTjSqNp1
Threatray 66 similar samples on MalwareBazaar
TLSH 8D148C5DE59D9430CC9D24758E6B88A017F2B1E3E374DF7DABCA8814DB429B86C4C9C8
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: [103.140.250.133]
Sending IP: 103.140.250.133
From: Lu Thai Textile Co Ltd <luthai@ltc.com.cn>
Reply-To: luthai@ltc.com.cn
Subject: REQUEST FOR QUOTES.
Attachment: PO.rar (contains "req.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/39439/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
25 / 100
Link:
https://www.joesandbox.com/analysis/410958
Signature
a
c
d
e
f
g
h
i
L
M
n
o
p
r
s
t
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 257640 Sample: req.exe Startdate: 05/08/2020 Architecture: WINDOWS Score: 25 13 Machine Learning detection for sample 2->13 6 req.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/347be975b764b78ec7860ee7c61c443fb63d6d330e7897acb8ac701cf37bb685/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 07:25:00 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gr56s5nxms3y5r4gb3t4mhceh63d23jtbz4jplfyvrybz433w2cq._file
Verdict:
unknown
Similar samples:
0993574372fe7ceb3e58b64101c1a9dd0d6b0a521ad5af075c0ca0a639601175
387b37b3f24aee2415ac723a697617c09eff5269e8657bd9c25194894336cb01
41efc16c24de6ee0b2ef7532958b5413796c18c87729b7c6114e371ab24e5bd0
5009fa6f9637ff97ab0d2cfdedfc18adbd01ebbc398a7367f735c26216f97eff
5761ed082c15df8c9fb6fadcff317a227008848db681d92ae959fe481e05e212
5baff9f9f5ad337c1d8c118f49e7ca6c190a7a86721ccab791545a1237f521b8
c32b2c89d798742a6e6b3b54bef5dec58bd9f9e7a10cd106097943773d4f6179
d28d5eb6ef6a35c2323f5b10e3bd013eff3338197df93c562dd55455b9ab4911
d63ae672835f5fd689bf0a4c5bd1aaacba19379c6467fefdae6b9fc1518de9e0
db14f4188f9a9cd454cf4253cefae20a8604499afcaf61e64031f42db6dc8baa
+ 56 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200805-g7vh995b72/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/347be975b764b78ec7860ee7c61c443fb63d6d330e7897acb8ac701cf37bb685

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

rar 0f888907403ebaee309e7927c72e5ebd6aca817209fd1a5a8ceaa0b028116fcd

Executable exe 347be975b764b78ec7860ee7c61c443fb63d6d330e7897acb8ac701cf37bb685

(this sample)

  
Dropped by
MD5 120e64a8a2f32751de5ac49daa0dcbd1
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/39439/
  
Dropped by
SHA256 0f888907403ebaee309e7927c72e5ebd6aca817209fd1a5a8ceaa0b028116fcd

Comments