MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd1a32d919982c93f90c87338d43be0ba26245407a00c3ddb897eb806d561256. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd1a32d919982c93f90c87338d43be0ba26245407a00c3ddb897eb806d561256
SHA3-384 hash: a1c0c7e99255169e0760679d4ac33f95a1d6f3000d4aea6f26653857453fbd757d749c211f684b6728604655a819d811
SHA1 hash: cdd11d4fd2dba3fc68bcd9175652828fb1f8b267
MD5 hash: 031349d08f47663a12520cfa6a7a04da
humanhash: king-edward-october-eight
File name:Dringende RFQ_AP65425652_032421,pdf.exe
Download: download sample
File size:846'848 bytes
First seen:2021-08-23 11:09:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1abe4551dd4f8ef04deab38d0027e326 (4 x RemcosRAT, 1 x Smoke Loader, 1 x NetWire)
ssdeep 12288:WhxUck0fyI/Xv94r0umLKC+pvbIAsrxPD+o8wcB:WhGdkF4r0uvnDIF5P
Threatray 201 similar samples on MalwareBazaar
TLSH T15B05AEA1D2D28473E0635BB81E0B5AE8953E7D00663C908BEBB43E855F777693CB6143
dhash icon b0b0303a34363034 (4 x RemcosRAT, 1 x Smoke Loader, 1 x NetWire)
Reporter lowmal3
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Dringende RFQ_AP65425652_032421,pdf.exe
Verdict:
Suspicious activity
Analysis date:
2021-08-23 11:14:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a1b74e1d-c7d9-43e1-a7a1-ff1407a18fd8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181463/
Detection(s):
Win.Dropper.Remcos-9886680-0
Create hunting rule

SecuriteInfo.com.Trojan.PWS.Banker1.36771.17657.15231.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a UDP request
Connection attempt
Sending a custom TCP request
Creating a file
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dbatloader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6856606e-eac8-4241-bc2e-443b5191adea
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/837459
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd1a32d919982c93f90c87338d43be0ba26245407a00c3ddb897eb806d561256/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2021-08-16 08:36:16 UTC
AV detection:
27 of 46 (58.70%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xundfwiztawjh6imq4zy2q56borgerkapiamhxnys7vya3kwcjla._file
Verdict:
malicious
Similar samples:
44e3a5d07ad41e0c1e023eeb97798f0822d706abb3406b61466d32a7d29c8726
460834ec55aa694ab0d984921534e5b7111bcb024abb36f7bace052fdeb448e5
9325090b7a2b8058a946f11388db15813a8927708aa54bf9aa6b5925f2b22d1d
d4c6f300ccf9337a10d13a66a2b6b956a0e6e9673741f9b88f5811beb3a62829
fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
fe23294471a62757c45932f4c5f6196585cc44f3ce5d29649868fe49c691ffa2
+ 191 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210823-lt8a28vr9a/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
35dc1b7c1f1562578ef1db2896a647d706f749c67cd608feec049384a7b38895
MD5 hash:
08403a3dc9749684d5bc42d817f155ff
SHA1 hash:
2f21a709d39af3e6f21f8e0b353d7c81ea3bd136
Link:
https://www.unpac.me/results/569269f1-b2e6-4f69-a8c3-78017a6f0c61/
SH256 hash:
795b2b5d6668147d7924ac96f90741ddc2a2b5003f455fb842b613a286fbf8fc
MD5 hash:
53011b69a7231aea23d66805a681144b
SHA1 hash:
e3d0d157e763c865e79ccc5bedc2fd5fd90413f7
Link:
https://www.unpac.me/results/569269f1-b2e6-4f69-a8c3-78017a6f0c61/
SH256 hash:
bd1a32d919982c93f90c87338d43be0ba26245407a00c3ddb897eb806d561256
MD5 hash:
031349d08f47663a12520cfa6a7a04da
SHA1 hash:
cdd11d4fd2dba3fc68bcd9175652828fb1f8b267
Link:
https://www.unpac.me/results/569269f1-b2e6-4f69-a8c3-78017a6f0c61/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bd1a32d919982c93f90c87338d43be0ba26245407a00c3ddb897eb806d561256

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe bd1a32d919982c93f90c87338d43be0ba26245407a00c3ddb897eb806d561256

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/181463/

Comments