MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a48933ce26f774f64d5572dcdcf4c8c50d3dc5dcae85388848f8a3aa4af2a39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 5a48933ce26f774f64d5572dcdcf4c8c50d3dc5dcae85388848f8a3aa4af2a39
SHA3-384 hash: 3f7a4210f22f3c6bb0455ff111def30ef07e6de91ee6dbfdd63ce2ce50707487ac694627f781971b2a11adc8099f8c5e
SHA1 hash: 526c6833c4db6b4ca7a4d3f632d20201ecee006f
MD5 hash: f7a54acaf952d4e1e4b5881d588bae80
humanhash: arizona-arkansas-xray-oklahoma
File name: Offer Request.exe
File size: 1'732'096 bytes
First seen: 2020-11-07 15:01:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fa3a99b038d1b19672af6b92afe86d67 (8 x Formbook)
ssdeep: 49152:ZvLLEmNDXzBuMTDtB/0ZXsboUvelHQSYC+iURV:ZvLLE2bzBXDKXXlwSFSRV
Threatray: 98 similar samples on MalwareBazaar
TLSH: 1785231679D0C03BC42F15345530E7F6AA3DF6302E19A89B6396A7796F241E3832C59F
Reporter: abuse_ch
Tags: exe


abuse_ch
Malspam distributing unidentified malware:

HELO: server27.hostingraja.org
Sending IP: 103.129.99.26
From: nourene@safetyworlduae.com
Subject: 6092020
Attachment: Offer Request.r13 (contains "Offer Request.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a window
Unauthorized injection to a system process
Threat name: Win32.Spyware.Stelega
Status: Malicious
First seen: 2020-11-06 12:48:20 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash:
5a48933ce26f774f64d5572dcdcf4c8c50d3dc5dcae85388848f8a3aa4af2a39
MD5 hash:
f7a54acaf952d4e1e4b5881d588bae80
SHA1 hash:
526c6833c4db6b4ca7a4d3f632d20201ecee006f
SHA256 hash:
a81b6f6c7b6fb0d22c5913a0f58a1ea823f6ffaa263dda9e5d3c776fd6915866
MD5 hash:
766b742a0de9629e787cc5121993e1b3
SHA1 hash:
cd37db2d6dbaab162dacd51eab2f177b4dc5d294
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Embedded_PE

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 5a48933ce26f774f64d5572dcdcf4c8c50d3dc5dcae85388848f8a3aa4af2a39

(this sample)

  
Delivery method: Distributed via e-mail attachment

Comments