MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69da362bf57fa6f564c65d2df60c41c222c23a5296a8f48efe9e2e72ce58373f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69da362bf57fa6f564c65d2df60c41c222c23a5296a8f48efe9e2e72ce58373f
SHA3-384 hash: 856798c4dcf18bf5e61669b5fc2a5cc675ac3a428bf5ee85974c8dd4013710f27c22412a24de2907d674b7b6bc5a4d7d
SHA1 hash: 367fe560c6dc4a7f698083b792e653d500c7c0e2
MD5 hash: 52e076cb01cdea03dfc7c41262ff6151
humanhash: lemon-papa-social-ohio
File name:QUOTATION.exe
Download: download sample
File size:1'644'338 bytes
First seen:2021-04-06 08:14:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9c523d8653da5455667e3f82274f2f88 (6 x Formbook, 2 x SnakeKeylogger, 1 x AZORult)
ssdeep 49152:YU5reYCf7Udg0YJ3VrZR1kij0RqQIhnFFe1:Y2RCodk7dZO1
Threatray 1'980 similar samples on MalwareBazaar
TLSH 13753367A4C250AFCA3919F4ED9A96BAF5F4734C11421C3D1F8887B162B01CACDF4E5A
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gmail.com
Sending IP: 103.89.91.236
From: hoonaraman@gmail.com
Subject: RE;REQUEST FOR QUOTATION
Attachment: QUOTATION.r00 (contains "QUOTATION.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
QUOTATION.exe
Verdict:
Suspicious activity
Analysis date:
2021-04-06 08:32:23 UTC
Tags:
installer
Link:
https://app.any.run/tasks/797386da-ebd0-4413-a091-6ed599dfacc6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/132605/
Detection(s):
SecuriteInfo.com.FakeAV.AVB.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Launching a process
Creating a window
Unauthorized injection to a system process
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/667296
Signature
Contains functionality to prevent local Windows debugging
Initial sample is a PE file and has a suspicious name
Maps a DLL or memory area into another process
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected Generic Dropper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/69da362bf57fa6f564c65d2df60c41c222c23a5296a8f48efe9e2e72ce58373f/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-04-06 08:14:14 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nhndmk7vp6tpkzggluw7mdcbyirmeosss2upjdx6tyxhftsyg47q._file
Verdict:
unknown
Similar samples:
22916cd876516df90c959904823fbc25a331cd7f8e70343cc05f4674128f07e1
54fada6c9bfdc946561633bf5e3788d1921b6635629c02b6ba9a91ad7c008b60
686eca2834dd77a34fa608e4cd4507c6ac57613a41a705ad848b81fe8dbfcec4
8c35b3d63f5644c97f5e9a1215ac4d9a4486eb78ff8a1410da52fa6853c99bf8
97a6b33da5bd1caba8bf16c1a6457bda8b50ccc25d154962e53d437a8c35661f
9d6bd6a6caed8cbef5c95ed13d01a1e6c72e9e62b513261c0fabf100ff82abb9
a115e321c5902daa72854362422ea2a6cafbc5c7fcadfad0b8d03944d14e32e8
ab703a3bc7d05c62bcc127febfd82a7903a47f45664b5195ada070eb748d5b25
b6177b19a010725f003f7828862f9217af33f3b38a517a40c94c7e8174a91c95
eeb94d0ce7213c5b8c070a7df59ba79aaf8248361922980368c31295c6641aae
+ 1'970 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210406-s42wg5ch7a/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Unpacked files
SH256 hash:
067b938cfee451e06d30631f8dddb978f23060b0b9ca986779bd03706556baf1
MD5 hash:
c3ab84deeedf622cc6ec50f71142b876
SHA1 hash:
b4510dd8af48178a1fc3219fd942af1101c417a4
Link:
https://www.unpac.me/results/95ed90b2-dd9f-4eef-bbd3-6a8c00f72cc9/
SH256 hash:
f53f180838263adab8a282367d62401e9cc2b912170b07658563b2ea29303137
MD5 hash:
8b951537f720df9f9f94b18bc3eafa30
SHA1 hash:
3186418d0272a664b5f5ea7c749a2a795dd3353f
Link:
https://www.unpac.me/results/95ed90b2-dd9f-4eef-bbd3-6a8c00f72cc9/
SH256 hash:
69da362bf57fa6f564c65d2df60c41c222c23a5296a8f48efe9e2e72ce58373f
MD5 hash:
52e076cb01cdea03dfc7c41262ff6151
SHA1 hash:
367fe560c6dc4a7f698083b792e653d500c7c0e2
Link:
https://www.unpac.me/results/95ed90b2-dd9f-4eef-bbd3-6a8c00f72cc9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.67
Link:
https://yomi.yoroi.company/submissions/69da362bf57fa6f564c65d2df60c41c222c23a5296a8f48efe9e2e72ce58373f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

r00 a5582ded95975b4563b59ab2762ee7362c9db155c8a2811243495aae709f9d12

Executable exe 69da362bf57fa6f564c65d2df60c41c222c23a5296a8f48efe9e2e72ce58373f

(this sample)

  
Dropped by
MD5 65d1e214dd775ddf9c04c918c3ee97e6
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/132605/
  
Dropped by
SHA256 a5582ded95975b4563b59ab2762ee7362c9db155c8a2811243495aae709f9d12

Comments