MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe
SHA3-384 hash: 7edf1e89e637855b6f35ed97212ab3b5001bb53cd9b3e7c29a39122256b3665662ce348a7b051cc9112f1cfaa3308c76
SHA1 hash: ed3d043d0a0b2f0f246ce9d672068b41f36f8980
MD5 hash: 8fa502b4a09f8f304b267f9c70e18de5
humanhash: tango-lake-hamper-north
File name:Enq.xll
Download: download sample
File size:962'560 bytes
First seen:2021-08-03 07:38:25 UTC
Last seen:2021-08-05 21:16:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 24576:QzbGHAzHKjX1gBY4ZyrE7K3yl8PeVooA/AB2LEgpUqWriNFlHhfWIqZa/zOyZ7:QziHIipU/rqhFWIO8KyJ
Threatray 4 similar samples on MalwareBazaar
TLSH T10425C057F7D7FAB0E6FE827A86B1891C527774620260A78F664072886D23392453DF0F
Reporter lowmal3
Tags:exe xll

Intelligence

File Origin
# of uploads :
3
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Enq.xll
Verdict:
No threats detected
Analysis date:
2021-08-03 07:39:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/dc5eec3b-0461-4102-8741-b1b9086904cc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175954/
Detection(s):
SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/92a59471-b98f-43b5-a935-bf04a9e74c35
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/825942
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-08-03 07:27:39 UTC
AV detection:
4 of 46 (8.70%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ub42l4xvicxu2qywnkb7kbxa3ihfqia77nk4ax6sjnstf7u6z37a._file
Verdict:
unknown
Similar samples:
338ffcde4891ef19f8b2974f2a9188e14a90f592322c8fb07acb662b57b35771
6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
7a6f8590d4be989faccb34cd393e713fd80fa17e92d7613f33061d647d0e6d12
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210803-ljddvr447a/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe
MD5 hash:
8fa502b4a09f8f304b267f9c70e18de5
SHA1 hash:
ed3d043d0a0b2f0f246ce9d672068b41f36f8980
Link:
https://www.unpac.me/results/e1d9e994-cc42-4f26-a12c-38e2941086da/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/175954/

Comments


Avatar
TomU | I'm still here... til the end commented on 2021-08-04 17:25:26 UTC

Also seen in a mail attach:
--
Received: from 103.82.21.175 (localhost [IPv6:::1])
by mail.ledfarm.online (Postfix) with ESMTPA id 27394584F0;
Tue, 3 Aug 2021 16:08:09 +0700 (+07)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_a438754aa14833391ce90e71c5185481"
Date: Tue, 03 Aug 2021 17:08:08 +0800
From: Maya Ingrid <admin@ledfarm.online>
To: undisclosed-recipients:;
Subject: INQUIRY
Message-ID: <e672593b2532f403d03cf5c14f287ea7@ledfarm.online>
X-Sender: admin@ledfarm.online
User-Agent: Roundcube Webmail/1.0.4
--

Good Morning,

Could you please provide me a quote of the following products as
specified in the attachment as soon as you can.
In the attachment , you will find the details with description, Specs
and quantities.
Please send us price quote with estimated time of delivery and terms of
payment.

Thanks and best regards,

Maya Ingrid

INCO Global Business Solutions BV
De Boelelaan 7
1083 HJ Amsterdam
82349967 (Kvk number)
sales.dpt@incobusinessgroup.com
www.incobusinessgroup.com