MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e0a37f088d0afcb0d3528f6df73368d754f51c07acff855e1c991071cebd298. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e0a37f088d0afcb0d3528f6df73368d754f51c07acff855e1c991071cebd298
SHA3-384 hash: 62249b4c20252f26558236ddc7dc5993e134f92d8e0c9837ab7b008ed669958356a791b648c3756e0f3ab22ba390f245
SHA1 hash: 99721fb524349c772d66aced1bf00339b14ca06c
MD5 hash: 1c7be25f8b1dd283f68b620fc80b8fdb
humanhash: south-washington-princess-alaska
File name:Order Confirmation 0263417.exe
Download: download sample
File size:900'096 bytes
First seen:2020-11-05 09:17:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e84ad2fcdc8258e8b185201ca744213f
ssdeep 12288:iLulTCQFpN3S1tkEmXPnF0QJokHD18teFI0T4Mbz3djFDXMM1O6LkZb1gMJY0dSC:MQTCo386FXokHD18aTnVVMMY6LkZpM0f
Threatray 69 similar samples on MalwareBazaar
TLSH 42159E22F2904837D173263F8C1B9365982ABE713D2899463BE51E7C5F3B6817C292D7
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.madalinagrup.ro
Sending IP: 89.120.113.36
From: AKHILA NAND MISHRA <orders@kanelli.eu>
Subject: Order November 4, 2020
Attachment: Order Confirmation 0263417.7z (contains "Order Confirmation 0263417.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/83138/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Variant.Strictor.251080.14026.14761.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Changing a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/521138
Signature
Contains functionality to detect sleep reduction / modifications
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e0a37f088d0afcb0d3528f6df73368d754f51c07acff855e1c991071cebd298/
Threat name:
Win32.Trojan.Strictor
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 01:35:20 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hyfdp4ei2cx4wdjvfd3n64zwrv2u6uoaplh7qvpbzgiqohhl2kma._file
Verdict:
unknown
Similar samples:
05c5ebfe7acb748d41d40eb6dad1c142635f5fe97958f6933fead63d723b0728
4748d8754858143f280c1022b3c01ddc0a81e9fdf04babe1e711ef09d73124b6
5026074cb8589625cc6579285ec7ec862f7f6c9616e3a1f5d61329520177cfb8
586a5c6bcf95f6049dc38661cff95eb5000a05ddad7ed07236bfdabee7ffd30f
6cebc20609d3d9a4f39599787371113c70cc5553f1d15555af232e557c2aacab
90bfb4c6e4d0e4cfbc46e3f641045e47b917a6a5b6ade0e8314ce0ca1d7d6f67
9f1bd2c46d3293044a04b58c4f9fdbe301cf6d2d5432c808b7e7310fe4544011
bdb09b8c5d9d6ee0e42047449dec605b61edc1f71ee6247b84f3c9a03669cffd
cddbbf914db713826ba190f20ccfd85b427666227210faaf435d6748fa601d14
e1ec1bb7aa6dec1ced8de00080d6c7b26890b89af96e05fb81f806bef1464be6
+ 59 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201105-dp2s5xg1vj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Unpacked files
SH256 hash:
3e0a37f088d0afcb0d3528f6df73368d754f51c07acff855e1c991071cebd298
MD5 hash:
1c7be25f8b1dd283f68b620fc80b8fdb
SHA1 hash:
99721fb524349c772d66aced1bf00339b14ca06c
Link:
https://www.unpac.me/results/341af0d0-b941-4085-879e-3d03f46328eb/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z 36099da74260bc5d41d9658421d331f73741a4d670bbbf33f1bc9da7be3c2df0

Executable exe 3e0a37f088d0afcb0d3528f6df73368d754f51c07acff855e1c991071cebd298

(this sample)

  
Dropped by
MD5 3b717d479d0f0a77c75c8fb4d8d451d3
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/83138/
  
Dropped by
SHA256 36099da74260bc5d41d9658421d331f73741a4d670bbbf33f1bc9da7be3c2df0

Comments