MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7811b5864571348651746538905398e08bc9a5a11d6cb27ff6dd7a970be77741. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7811b5864571348651746538905398e08bc9a5a11d6cb27ff6dd7a970be77741
SHA3-384 hash: b3c5bbae9733fc1206111482252284354fb5292a4feedd1a59a05072433446f16b927c16b5ad00d642aeda50e57b728b
SHA1 hash: 8422afdc80f8aa17d9dd62aa7adc6e961fc0ac4a
MD5 hash: 82bb00537b94e8cdf65d9b07bdbc9527
humanhash: tennis-seventeen-wyoming-burger
File name:BOQ Quotaion Request Data Sheet Requirement No 002022020.exe
Download: download sample
File size:594'944 bytes
First seen:2020-08-16 13:52:27 UTC
Last seen:2020-08-16 15:07:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:XdFv1Rybt4YcKbVceGKJu4rUIR+XtksM/7xVAnh+qa:XbybqYcK2GJSe+9pMjxKnUB
Threatray 46 similar samples on MalwareBazaar
TLSH 48C41223B1D05212D43F2BB444A3274053F165EAA715FAED3D9016CA96AB7C6E780FE3
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vm86.entorno.es
Sending IP: 195.162.18.227
From: Surya Narayana <surya.narayana@faskkuwait.com>
Subject: RE: SUPPLY TENDER NO 4589070: RFQ 002022020 FOR Fask Kuwait Gen. Trad & Contracting Co.
Attachment: FASK Kuwait Co RFQ 002022020 Supply Tender 45890720.r00 (contains "BOQ Quotaion Request Data Sheet Requirement No 002022020.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46462/
Detection(s):
SecuriteInfo.com.Artemis82BB00537B94.13394.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/432245
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7811b5864571348651746538905398e08bc9a5a11d6cb27ff6dd7a970be77741/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-08-16 09:07:22 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pai3lbsfoe2imulumu4jau4y4cf4tjnbdvwle77w3v5joc7ho5aq._file
Verdict:
malicious
Similar samples:
0d048612a3cb9e6113b539ce3bd2f08f56e604869cdb38edcf02400ae12c3a74
1f5f7921e3be739b51bead01306a9cc5dc7fec1dbc01a6784497de89afb6742c
37e399fce2caa80c9ea931f693b51a6d1c11464df1ead916cfca67f6100ad71f
69141d8c99ebc4e3298c2e7203d061fe46d3bd513e3f93498a9fe2753cd82b8a
77bb6489c1fd6c87f2ba80955211d0eef9be425d4e6076bd7280c6f87f9f3300
babb19e7cb06c97942ebdda46ddfe8435b8281ab8459080e0282485e02d587d4
e593655b5dafbbb4d5a991689b883d1304c8b653a714ec724d31c08ed37f13d5
ed847b13d7e0e4544eba48cd80e78a0dc002a8c46b3acb871113ad5be5f44916
f16ce9d494986b9f5a386de9b3a9a691c7939db12d030daf87cbb4c5f299f315
f6fb0f9050f39e6c6b3441d6a71d0e975552093fcf77f1d45ab06ef9b1fd7691
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200816-5aslwng66j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/7811b5864571348651746538905398e08bc9a5a11d6cb27ff6dd7a970be77741

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

r00 d8ee12ad5c491e784d9dae4c089d91ae8b95fa4103d723f1ed589a712a24d417

Executable exe 7811b5864571348651746538905398e08bc9a5a11d6cb27ff6dd7a970be77741

(this sample)

  
Dropped by
MD5 ea664381383e8fda2d6efcdc7d99e023
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/46462/
  
Dropped by
SHA256 d8ee12ad5c491e784d9dae4c089d91ae8b95fa4103d723f1ed589a712a24d417

Comments