MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3f7557658c2a4d37ae90e9f39acfe218959ffd9e6336860f659dd8eac0586e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a3f7557658c2a4d37ae90e9f39acfe218959ffd9e6336860f659dd8eac0586e8
SHA3-384 hash: e9a4f91ee37aa6b5e998533a14191bb51d5c62979ca494081acf863fd55d33116b2aaa196070bc79ad62b20704b11239
SHA1 hash: e36e612d24923129c9be88703d1544965836d72a
MD5 hash: a095b722591343954b0318054c4be1d7
humanhash: nevada-fix-comet-eight
File name:Quotation #30 (CS fittings).exe
Download: download sample
File size:1'663'488 bytes
First seen:2020-12-09 10:44:44 UTC
Last seen:2020-12-10 20:32:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:ByeYoH5hOb3+QZRxmtxNPpQqIynUpsDYeGfnIxuk4x9L8Niov5:4gmyQZXmtx99I2UukeG/Gur2
Threatray 14 similar samples on MalwareBazaar
TLSH 2F752242BE1191ABD2FCDE7AC86246F497F1F55110AEC4FDD2840A88EE3B4BC36D5185
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: omanht.com
Sending IP: 185.222.57.177
From: Mujtaba Hassan <sales@omanht.com>
Subject: Quotation #30 (CS fittings)
Attachment: Quotation 30 CS fittings.r00 (contains "Quotation #30 (CS fittings).exe")

Intelligence

File Origin
# of uploads :
3
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Quotation #30 (CS fittings).exe
Verdict:
No threats detected
Analysis date:
2020-12-09 11:22:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1847e80c-63bf-4505-9836-5d074bee99e0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107439/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Spy.21524.32597.16453.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/558891
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a3f7557658c2a4d37ae90e9f39acfe218959ffd9e6336860f659dd8eac0586e8/
Threat name:
Win32.Spyware.OutBreak
Create hunting rule
Status:
Suspicious
First seen:
2020-12-09 09:45:41 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=up3vk5syyksng6xjb2pttlh6egevt76z4yzwqyhwlhoy5lafq3ua._file
Verdict:
unknown
Similar samples:
1131d4fd95da62edb0a1b201b08bb3811161363e64a9464f5f65bf8ea9b4a6bc
26542443b5665c97e3784c6bdbe4d009510c8bd4bb2f987ab441027fcdaf41a3
3ef39c4ba30114688584f0d34d5c4238fba9e5fe3f3e405d38109eb2a4619576
4a347ecb8e697e6e782a6d71516f3fe009888fded5879f973fe3ab4013bbb90d
5024e1e9970c3d1578e5a18081be612151022149e52998cd95b306619ae6322a
53ae2502a9fed69821959a54927023f131c6e62ebc46119d86e2eaad60356827
c6692211811dbc392c194a030e9be25e3758b07e29f1300253f9f4aaa7ed7310
e562fb595ddc39fc8fdeaf53db5bfc8878ded5328d32b5551b244c42768f3fff
ed8bdc7dfb03c556a144b552517f725297acac5c046313b9f8a96432d94cdf5c
f967527beb6b543395e1b9c1b76a67126321e7f8ec171d102753c0aa151432fb
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201209-ywvdtr7nte/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
a3f7557658c2a4d37ae90e9f39acfe218959ffd9e6336860f659dd8eac0586e8
MD5 hash:
a095b722591343954b0318054c4be1d7
SHA1 hash:
e36e612d24923129c9be88703d1544965836d72a
Link:
https://www.unpac.me/results/eb8f61f2-a715-4f43-b293-0388a909069b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.66
Link:
https://yomi.yoroi.company/submissions/a3f7557658c2a4d37ae90e9f39acfe218959ffd9e6336860f659dd8eac0586e8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

r00 5760f8e07801033ec690d78c481f9b036b847f286c9696942472eca1a863daf5

Executable exe a3f7557658c2a4d37ae90e9f39acfe218959ffd9e6336860f659dd8eac0586e8

(this sample)

  
Dropped by
MD5 c3e4c3e9fc28e4e8b7710715d7eb1d07
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/107439/
  
Dropped by
SHA256 5760f8e07801033ec690d78c481f9b036b847f286c9696942472eca1a863daf5

Comments