MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a10bf2f6173ea533b580ac4b61e976cd7d2913a704728de5a2d4d26cd8a42fdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a10bf2f6173ea533b580ac4b61e976cd7d2913a704728de5a2d4d26cd8a42fdb
SHA3-384 hash: dfbb2cb0151d999de2caa34695e5e146ccb6e632f4155b3764df037ee306462b9f8f8ab7b9941898cb0e8e52c4f2d02d
SHA1 hash: d4d313425c7c43cf8cfcd3bca43fd8d272db3996
MD5 hash: 99a89887f732e6e110e74f5d9a13aabf
humanhash: bakerloo-triple-zebra-equal
File name:RWT980012367.exe
Download: download sample
File size:204'288 bytes
First seen:2020-12-22 15:48:36 UTC
Last seen:2020-12-22 17:39:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3849e503bd822b45c5ad473e158c5201
ssdeep 6144:gST4LRkh6IjuyX9GD3nXEAJWJayRl0UKTo:1EleRjuwGDHEAYJacUo
Threatray 9 similar samples on MalwareBazaar
TLSH CD14128449314B66EF482CBA10559E0E4B0BD97A6FAB0CCF3DC35F5271284E2E1F5A5E
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.allaboutoffice.gr
Sending IP: 94.130.138.183
From: info <info@kontattoit.com>
Reply-To: info <comptabilite.jac-machines@cash4u.com>
Subject: Bonifico
Attachment: bonfico.zip (contains "RWT980012367.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
201
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RWT980012367.exe
Verdict:
Suspicious activity
Analysis date:
2020-12-22 16:01:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b73aea81-9b4d-4c85-b056-652092dd6439

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108944/
Detection(s):
SecuriteInfo.com.Generic.mg.99a89887f732e6e1.6792.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/568585
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a10bf2f6173ea533b580ac4b61e976cd7d2913a704728de5a2d4d26cd8a42fdb/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-22 15:49:07 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uef7f5qxh2sthnmavrfwd2lwzv6sse5harzi3znc2tjgzwfef7nq._file
Verdict:
unknown
Similar samples:
08a8d2666394e14369192ac720209c7c947a024181e4255c62825e37165cb45b
1b95de55808c88599a46d6a21a0063a874a6e2ca7f0644989ce60eee025a6485
2a9005e0218ee1fa65d55949828ccdea090ef64747d7913b2e6b38dc0a4adfb9
5bdbe509086a48374c2eb7d22558abaad0d87f61962965ddfeb91bc0d1a1491d
70528f1500aeffb424cc452a6afaa99ddf4b8deb61a6e41830270dfb1400589f
81f08bb7f6faa0880efb94cc2fb91eec241e83b3d5b992c9564608bbe3c974e2
848bb4e9ca2acb33c8a183eefb65637edd6c2d837a6d490d41509896a79f95d3
d0a531def227f88eb7cf052fb7b94b33b7a1daca060bdb464e21739d606c99d4
ee800c211606c5adfaf0f26d2505085d08b7097dad09ccff38134c6403d51598
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201222-sxm5z83ljj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
a10bf2f6173ea533b580ac4b61e976cd7d2913a704728de5a2d4d26cd8a42fdb
MD5 hash:
99a89887f732e6e110e74f5d9a13aabf
SHA1 hash:
d4d313425c7c43cf8cfcd3bca43fd8d272db3996
Link:
https://www.unpac.me/results/d8c909ef-70c6-45c6-a23c-f0f7ce198c6e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Spyware
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/a10bf2f6173ea533b580ac4b61e976cd7d2913a704728de5a2d4d26cd8a42fdb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 21d6efd0e4b787d1f26cd7abdb04fb40c7e2864d30843906f746a02d92ac8e8e

Executable exe a10bf2f6173ea533b580ac4b61e976cd7d2913a704728de5a2d4d26cd8a42fdb

(this sample)

  
Dropped by
MD5 e70bd72c947ef95c92e7950bb022f2fd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 21d6efd0e4b787d1f26cd7abdb04fb40c7e2864d30843906f746a02d92ac8e8e
Cape
Cape
https://www.capesandbox.com/analysis/108944/

Comments