MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fcb3920982436b7b88307eef586e6a0bd01ba8014b0f216affea7d4b5e3a31c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6fcb3920982436b7b88307eef586e6a0bd01ba8014b0f216affea7d4b5e3a31c
SHA3-384 hash: 836c6fd400e3b34ccee78fab46e598dc519f7da8c3686ef072b20f6c1fda7bfd6388623db99dc4cf84ae255c612f4428
SHA1 hash: a70f2c031178900ca19b0623780c841b847c60f4
MD5 hash: 5ec82c5b3c676df5bf962e2b51d401e6
humanhash: magnesium-uniform-single-snake
File name:RFQ.exe
Download: download sample
File size:1'794'472 bytes
First seen:2021-01-19 17:49:21 UTC
Last seen:2021-01-19 19:55:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:+H4do/3VQ6lDjP5ILxxxxFq9j7E3QGKgmBy45zk7s0ITP/LbATznmwBwI0xBe0Hm:+H4do9Q
Threatray 67 similar samples on MalwareBazaar
TLSH 4C8502213C6F3205A9F26DE294572C762F09E9752EA2412E245DE339FB97018CF33E59
Reporter abuse_ch
Tags:Endurance exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: qproxy1-pub.mail.unifiedlayer.com
Sending IP: 173.254.64.10
From: YASIR <Account@transfopam.com>
Reply-To: sjrkintluea@gmail.com
Subject: Request For Quotation
Attachment: RFQ.7z (contains "RFQ.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ.exe
Verdict:
No threats detected
Analysis date:
2021-01-19 18:00:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/06f73a3a-62ca-4b0a-8166-d527ab4bacc5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112962/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.510.5989.8051.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/585414
Signature
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6fcb3920982436b7b88307eef586e6a0bd01ba8014b0f216affea7d4b5e3a31c/
Threat name:
ByteCode-MSIL.Trojan.Malrep
Create hunting rule
Status:
Suspicious
First seen:
2021-01-19 11:44:27 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=n7ftsieyeq3lpoeda7xplbxguc6qdouacsypefvp72t5jnpdumoa._file
Verdict:
unknown
Similar samples:
034117e2215690c209ed3a796a816b6f033db21760157de584fa1481f13fe666
52bbd5f868a0a36d7f3ef1d675a8553414cf5057bf2b99b871fec5bcf0720122
58909bdbe9145136b971a479fe4eb668fcf23278cd14c29b8526ef0627a5ba0f
61c31b3775cf5192df4442fbd308d7164fbaaeaea4a6a43dab2197b702af30e6
7380f791a7bb79b986dba49ba94e0f2e4a16abeccb3a7117d5acf27c3977a530
98cf9b180f49331bc9c5a5eae9257f083e7b9601819191e9414dc7a76321592f
e9b025c3083c60b1260f6c9b6909f3c80aa7861814b4cee817b5485bb9b3e700
eba0abe9461df84c76949df2d559f66b0379cbdbd430f8db884c55d0aa469980
f64dfe37f4518739d7d31f0a81cc8a126d6766ca16039b3f80a50495efd6d765
fa7b9f85c252084827387001e3e113db0800169afc79e4f3305e0a1d3574bccd
+ 57 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210119-5bn83dzmja/
Unpacked files
SH256 hash:
5dbb00ca3c33ad100712f78049649d13c839521e8c599cb7714d92d057bd9316
MD5 hash:
686c74830c613d6a1279ed66b1ca485b
SHA1 hash:
dc6f9b5f078b95242604cafe3c26fdc362f47505
Link:
https://www.unpac.me/results/0afc4b15-4687-4d0a-acd5-dfd7e00f5eb8/
SH256 hash:
7c6e78f40587d45502a9cd4660d8c22915f414f34db65d70588e54a8107d24bc
MD5 hash:
e459138150b4e778be1d1cfefb24964d
SHA1 hash:
1220dbd979081ca2948b35121be610823e71bf67
Link:
https://www.unpac.me/results/0afc4b15-4687-4d0a-acd5-dfd7e00f5eb8/
SH256 hash:
6fcb3920982436b7b88307eef586e6a0bd01ba8014b0f216affea7d4b5e3a31c
MD5 hash:
5ec82c5b3c676df5bf962e2b51d401e6
SHA1 hash:
a70f2c031178900ca19b0623780c841b847c60f4
Link:
https://www.unpac.me/results/0afc4b15-4687-4d0a-acd5-dfd7e00f5eb8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6fcb3920982436b7b88307eef586e6a0bd01ba8014b0f216affea7d4b5e3a31c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z ca9fd836692c1ff2daaa7634878dc239f3a2118aa695389db8634dbb4e16b950

Executable exe 6fcb3920982436b7b88307eef586e6a0bd01ba8014b0f216affea7d4b5e3a31c

(this sample)

  
Dropped by
MD5 f0774d868ee7bfe420887629bb1fe3d6
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/112962/
  
Dropped by
SHA256 ca9fd836692c1ff2daaa7634878dc239f3a2118aa695389db8634dbb4e16b950

Comments