MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78c34698255dc5496f2800fe2438b613929f24b11f10fc361eae4f5ef7b6d804. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	78c34698255dc5496f2800fe2438b613929f24b11f10fc361eae4f5ef7b6d804
SHA3-384 hash:	b931815b347d80b363519dc8856e8e4189310990660e7cb08fd194c2b82d3096be3bb94153bf7dd4df30858d2143e58a
SHA1 hash:	1473cdf1f55f8da12ddfc81759390167f3accb96
MD5 hash:	6795dcc46e6ca52461b72c1a19f927ae
humanhash:	monkey-ack-high-eighteen
File name:	RFQ-119810716151001981.rar
Download:	download sample
File size:	257'087 bytes
First seen:	2020-12-09 17:10:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	130312efe8892496180179ce46d20b79 (7 x NetWire, 2 x DarkComet, 2 x ModiLoader)
ssdeep	3072:KQLWOnFiCnkIDSrySPnhl0Cj/irN833f+y7bQ6wvCIWf2JjBX+Zfzp8/HkbwRHb7:nACTD4Pbn3f+yfwKIW+fcfzO/pR7M0gi
Threatray	70 similar samples on MalwareBazaar
TLSH	DE44BF2232E1C032E56318319DA9D771B9B9BC385975854FFBC01B6E6F31AA2C726713
Reporter	cocaman
Tags:	rar

cocaman

Malicious email (T1566.001)
From: ""Aileana A. Alfonsos" <office@partsforallcars.com>" (likely spoofed)
Received: "from ip-172-31-24-2.ap-northeast-1.compute.internal (ec2-54-238-153-209.ap-northeast-1.compute.amazonaws.com [54.238.153.209]) "
Date: "Wed, 9 Dec 2020 17:08:53 +0000"
Subject: "PartsForAllCars LLC- RFQ-119810716151001981"
Attachment: "RFQ-119810716151001981.rar"

Intelligence

File Origin

# of uploads :

# of downloads :

127

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

RFQ-119810716151001981.rar

Verdict:

No threats detected

Analysis date:

2020-12-09 17:14:36 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/84e60abe-113a-4ca9-85a7-c6f59d6feab6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/107525/

Detection(s):

SecuriteInfo.com.PUA.Tool.BtcMine.1618.231.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Searching for the window

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/559389

Signature

Drops PE files with a suspicious file extension

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/78c34698255dc5496f2800fe2438b613929f24b11f10fc361eae4f5ef7b6d804/

Threat name:

ByteCode-MSIL.Downloader.Bareps

Status:

Malicious

First seen:

2020-12-09 17:11:09 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

12 of 29 (41.38%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pdbungbflxcus3ziad7ciofwcojj6jfrd4ipynq6vzhv555w3aca._file

Verdict:

suspicious

584e708b0a6e5782746eb169983ada677c6b0e0fc93fb01751b7393ef8d975cf

8747896fc2d331a7dc2f3f216e4af54da9b02fecc3e17172de74ed0b85f9ce09

a7755dd7ba0c0f4c51ab6f9154ac0a7b722cd6c9da168ffac5fd546881fcd0f9

b3aaa25577ded32ea0f2f4460bc5666cd4e83c607c7ddc725500bef96886c491

c33a246bf5bcec5f1f0468958c478d251707a227d218dc2c61f23686cae3f1b5

ced287221f1034fec7a1280429189f9845664f0c554390a1a2e0e7b5b0f324bb

e131a045dc4874ee4eed8e75af0faeecaf86a80e18f13b9845a8b6f57686beec

e465df0968bcbe843d6373384a8f19268b395dccd2aa0d3b9ba13f5ae3cf783b

fad5b6bff822a8e8e639082c15cd265a74963698a355479c160e3e94dbb2d945

+ 60 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201209-y9rg64ec1e/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

78c34698255dc5496f2800fe2438b613929f24b11f10fc361eae4f5ef7b6d804

MD5 hash:

6795dcc46e6ca52461b72c1a19f927ae

SHA1 hash:

1473cdf1f55f8da12ddfc81759390167f3accb96

Link:

https://www.unpac.me/results/02dfa4bd-d29b-48c5-a409-393226668449/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/78c34698255dc5496f2800fe2438b613929f24b11f10fc361eae4f5ef7b6d804

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 78c34698255dc5496f2800fe2438b613929f24b11f10fc361eae4f5ef7b6d804

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/107525/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample