MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab
SHA3-384 hash: cbfa342222096d1893b0b6922bec6c20710207fc59348874bce8e4073784e184ab1b02aae17337fac50f203fb9208a83
SHA1 hash: b43e66fca4050abed61ee5903ea1590b9a91f342
MD5 hash: 2a179eb602aae51b2111c9bf425c285b
humanhash: gee-network-juliet-georgia
File name:68052Re Product Inquiry- Quotation.exe
Download: download sample
File size:1'203'712 bytes
First seen:2024-02-05 08:32:29 UTC
Last seen:2024-02-05 10:33:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bd3825b6e0410966f0c31f64b6c7644a (36 x AgentTesla, 15 x Formbook, 6 x RemcosRAT)
ssdeep 24576:SAHnh+eWsN3skA4RV1Hom2KXcmtcUggR5vyas6tPqL:Vh+ZkldoPKsacLovy4V
Threatray 35 similar samples on MalwareBazaar
TLSH T19E45BE1273D2C03AFFBB92B35B69B2015AB97D250123852F13D82D79BA701B1673D762
TrID 49.2% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
22.7% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon a065646aeec646ec (21 x AgentTesla, 13 x Formbook, 5 x DarkCloud)
Reporter adrian__luca
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
263
Origin country :
HU HU
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/474606/
Detection(s):
PUA.Win.Packer.Ep-7
Create hunting rule

PUA.Win.Packer.Embedpe-3
Create hunting rule

PUA.Win.Packer.AcprotectUltraprotect-1
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
autoit fingerprint keylogger lolbin packed shell32
Link:
https://www.filescan.io/uploads/65c09d4d0b80a407289261d0/reports/fb49f1e4-38c3-4ed9-9f6d-731cefab5ec6/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/527dfbc2-6a0e-46c8-adc3-4339306ceef4
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1386620
Signature
Binary is likely a compiled AutoIt script file
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2024-02-05 08:33:12 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lryc2bbymoy33vxe3ppyt766a5ex32qfoa4wngcqtyrwg62vlcvq._file
Verdict:
unknown
Similar samples:
154413a3db35cba21de61256313446c7b3a018234914335dbb564dfc6573aa11
46381f6540a0a0075a17fb9747e5cf09dbcdd69b5509b1f4beced1c13d1deec2
5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab
6368bd094f648a12bcdd609edb833cb5ca3aa7a70efc0cf7e0dcbc71e80ed51b
b7e1e34df8d8f63cad1d66970746631001c34f2bad3f86e3a517e5ebdfdd6b3a
ba4238adaf37b8d122ebdb9737c46dd1db053b91403bfe3b953e77037d5a519d
c20765742b6d22e16299239e960d1c4e851fa9f12bd1b0696d4195f8890a6bf6
e4d521e8c1f8bc496fe8fcdf2e083f0ab341696723586c83c12c5b13013843c3
+ 25 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/240205-kfwetadgcj/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
AutoIT Executable
Unpacked files
SH256 hash:
1a3a9ffd38c34e7ec5dbfae22a6e2f6b2745f5528ede63339c8f7081d8e5895f
MD5 hash:
06866ba706f4b1c6cb3aaadb91a39546
SHA1 hash:
36766bd29900a2647cdcfebbd23bd80bfcb438a2
Link:
https://www.unpac.me/results/89e83a00-1632-494e-b6a7-6fe74c9c3ffe/
SH256 hash:
a2d849cbecb3dc496f35171e95512b83b1589ef788e178533cff772fa8a33a40
MD5 hash:
d11599cfbb84913f133096912f642a92
SHA1 hash:
16e239b541f11c603aecd6839c603ca3a8312c55
Link:
https://www.unpac.me/results/89e83a00-1632-494e-b6a7-6fe74c9c3ffe/
SH256 hash:
5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab
MD5 hash:
2a179eb602aae51b2111c9bf425c285b
SHA1 hash:
b43e66fca4050abed61ee5903ea1590b9a91f342
Detections:
AutoIT_Compiled
Create hunting rule
Link:
https://www.unpac.me/results/89e83a00-1632-494e-b6a7-6fe74c9c3ffe/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 5c702d043863b1bdd6e4dbdf89ffde07497dea0570396698509e23637b5558ab

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/474606/

Comments