MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82d687b835b9cd13408495c0e3979aad732f6dee11fcfddff3d1921af22fc9e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 82d687b835b9cd13408495c0e3979aad732f6dee11fcfddff3d1921af22fc9e0
SHA1 hash: 1ed3e2df5b16cbcd1f96e50d10b9876001c6fafd
MD5 hash: 31c7076fd76b6f82bb957570dcb2a7c4
File name: REQUEST FOR QUOTE_03132.doc
Signature: n/a
File size: 326'273 bytes
First seen: 2020-05-22 12:02:43 UTC
Last seen: Never
File type: Word file doc
MIME type: text/rtf
ssdeep: 1536:mBLIUfUisxYtkKTfJinpTvJE3VBNGobeWngRLO+jg0xUv6mQgaeeVhMDw5wfLN:mBhf1UYrT7aRDAw5wf5
TLSH: EB6431F820C38644D755A154A994F18D19B2F2E730D54CB463EFE876DEA9FD0BE8808B
Reporter: @cocaman
Tags: doc


Twitter
@cocaman
Malicious email
From: "David Yen" <david_yen@caspiex.com>
Received: from box.caspiex.com (box.caspiex.com [167.99.103.2])
Date: Fri, 22 May 2020 04:33:58 -0700
Subject: Quotation Request_03132
Attachment: REQUEST FOR QUOTE_03132.doc

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 26
Origin country: US
ClamAV: SecuriteInfo.com.Exploit-RTF-Dropper-1.UNOFFICIAL
        TwinWave.EvilDoc.DOCXSTRGOOD.RTFSTR.SCRIPTLET.200421.UNOFFICIAL
VirusTotal: Virustotal results 24.14%

Yara Signatures


Rule name: Retefe
Author: bartblaze
Description: Retefe

Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Delivery method: Distributed via e-mail attachment

Comments