MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 348f9d5b52f4b01c9886af630c02a8cfe9dec0ddf882fe906e0b04f921ab1fff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 348f9d5b52f4b01c9886af630c02a8cfe9dec0ddf882fe906e0b04f921ab1fff
SHA3-384 hash: f6fa775fe5291655bf9d6d89f9a3202f9372a478a607fd261cd5dac10796d2da0b730902d5ce9d018451f6f3ac5e4b19
SHA1 hash: 8c12e5b023cc6806d5890163baffee81cce9afaa
MD5 hash: 16f68b2c1d048e55cf61ccbbf479effe
humanhash: lemon-robin-emma-west
File name:Re Confirmación de pedido-5309, pdf.exe
Download: download sample
File size:907'264 bytes
First seen:2021-08-07 05:23:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4de4e132825d8ff5881e7c510ae93609 (3 x RemcosRAT)
ssdeep 12288:jrmgDOXRVBMr+PIgdwke5XtICweJPcdGWctYScYjY65RnufUjsCJb3:jrmgKXTMAdwke5uCBJ8GNtYCM6PA6
Threatray 389 similar samples on MalwareBazaar
TLSH T158156A61A6435E3EC23F38749C1E5E6D942D6B405D2BDB873ABD2D08AA307722D191CF
dhash icon 2a156a6a49c8c8c8 (5 x RemcosRAT)
Reporter GovCERT_CH
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
120
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Re Confirmación de pedido-5309, pdf.exe
Verdict:
Suspicious activity
Analysis date:
2021-08-07 05:25:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c8d40561-b43c-4870-a6f7-2b144e170558

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Malware.Malwarex-9884082-0
Create hunting rule

SecuriteInfo.com.LresultFromObject.20965.10342.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Creating a file
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Creating a process from a recently created file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/41174aa6-2528-43c1-bf29-0eb74660ca32
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/828559
Signature
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/348f9d5b52f4b01c9886af630c02a8cfe9dec0ddf882fe906e0b04f921ab1fff/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-08-04 07:50:51 UTC
File Type:
PE (Exe)
Extracted files:
50
AV detection:
21 of 46 (45.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gshz2w2s6sybzgegv5rqyaviz7u55qg57cbp5edobmcpsinld77q._file
Verdict:
malicious
Similar samples:
0995508fb834276c81247e483148dffb912b7fbdad2a92a7c444f2b3caede34d
0a0f707663752fcee384add20de2ee2c3f2061781aa8f08266b155317eb4662d
1bf82794b7a65dd38c5f0f78813b1f882a9ff838fa94543e74a3a29a22307032
65938be488736ddc5c8a7c2891ec4530d9d27fd272aeaf192a3be4461b4690b1
c70917b8034aedf54cf578fa9db38399a6129376bc7d06cacd6b324fed45c5a7
cb5bbf44295f0df808a863306cff28a7237ceda45a417d90f7eaa6176b0d6047
ed3025c977b3b86c1891364a05323b582336865698acf3252811da125ad00ea8
+ 379 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210807-naw25trjwa/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
c873bd224bbf6f82aa169f079016ebdf7690b40a7db5dd8cfefd26404a9d50ca
MD5 hash:
d328f4ade4dd3cd77b3c055c6a7a7937
SHA1 hash:
5d2437502c20efaadd44d27bd5f2f748bdb48512
Link:
https://www.unpac.me/results/187326ad-6da7-4f72-88c3-d4eb01f8e576/
SH256 hash:
348f9d5b52f4b01c9886af630c02a8cfe9dec0ddf882fe906e0b04f921ab1fff
MD5 hash:
16f68b2c1d048e55cf61ccbbf479effe
SHA1 hash:
8c12e5b023cc6806d5890163baffee81cce9afaa
Link:
https://www.unpac.me/results/187326ad-6da7-4f72-88c3-d4eb01f8e576/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/348f9d5b52f4b01c9886af630c02a8cfe9dec0ddf882fe906e0b04f921ab1fff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 348f9d5b52f4b01c9886af630c02a8cfe9dec0ddf882fe906e0b04f921ab1fff

(this sample)

  
Dropped by
null
  
Delivery method
Distributed via e-mail attachment

Comments