MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc4a75a27a80dd0c34ed04f12235a3424715b7c546b530e138b58aaf0af69f90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc4a75a27a80dd0c34ed04f12235a3424715b7c546b530e138b58aaf0af69f90
SHA3-384 hash: f27fa61c4b58c97c89831d45fc35c08cac6c1a21bb309994d7ce6e1650818bea58262316101881203757c9066cbd523a
SHA1 hash: 232e689858d7e4367acf4910620a95b0cee040ec
MD5 hash: 4ff30eb5d68be2da4f1ea33f866544cf
humanhash: lion-ten-alanine-hawaii
File name:QUOTATION.exe
Download: download sample
File size:1'679'997 bytes
First seen:2021-04-07 05:55:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 18bc6fa81e19f21156316b1ae696ed6b (51 x Formbook, 24 x Loki, 9 x SnakeKeylogger)
ssdeep 49152:MjViiD3Vxdnv5J15NOWTzJNnfh6A4/GmXmY:gv5J4WrnfEAiF
Threatray 3'833 similar samples on MalwareBazaar
TLSH 1D75230BB56C979EDA8486B1763E1338822DAF4706646C90BFD5FE2D313218DAE531E1
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gmail.com
Sending IP: 103.89.91.236
From: shahabamorico@gmail.com
Subject: RE;REQUEST FOR QUOTATION
Attachment: QUOTATION.zip (contains "QUOTATION.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
QUOTATION.exe
Verdict:
Suspicious activity
Analysis date:
2021-04-07 06:29:35 UTC
Tags:
installer
Link:
https://app.any.run/tasks/9e736504-4aaf-4b11-a8b7-8cd9fc3a23b0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/132760/
Detection(s):
SecuriteInfo.com.Dropped.Trojan.GenericKDZ.74004.9490.17860.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Unauthorized injection to a recently created process
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/668335
Signature
Contains functionality to prevent local Windows debugging
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Initial sample is a PE file and has a suspicious name
Maps a DLL or memory area into another process
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected Generic Dropper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc4a75a27a80dd0c34ed04f12235a3424715b7c546b530e138b58aaf0af69f90/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-04-07 05:56:08 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zrfhlit2qdoqynhnatysenndijdrln6fi22tbyjywwfk6cxwt6ia._file
Verdict:
unknown
Similar samples:
22916cd876516df90c959904823fbc25a331cd7f8e70343cc05f4674128f07e1
686eca2834dd77a34fa608e4cd4507c6ac57613a41a705ad848b81fe8dbfcec4
69da362bf57fa6f564c65d2df60c41c222c23a5296a8f48efe9e2e72ce58373f
79cf1acaf9b7a819bb68f28a23ed571a1cb1e517e09e3dde87614829ae7177d8
8c35b3d63f5644c97f5e9a1215ac4d9a4486eb78ff8a1410da52fa6853c99bf8
97a6b33da5bd1caba8bf16c1a6457bda8b50ccc25d154962e53d437a8c35661f
a115e321c5902daa72854362422ea2a6cafbc5c7fcadfad0b8d03944d14e32e8
ab703a3bc7d05c62bcc127febfd82a7903a47f45664b5195ada070eb748d5b25
b6177b19a010725f003f7828862f9217af33f3b38a517a40c94c7e8174a91c95
eeb94d0ce7213c5b8c070a7df59ba79aaf8248361922980368c31295c6641aae
+ 3'823 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210407-2rrm8z4lws/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Unpacked files
SH256 hash:
cc4a75a27a80dd0c34ed04f12235a3424715b7c546b530e138b58aaf0af69f90
MD5 hash:
4ff30eb5d68be2da4f1ea33f866544cf
SHA1 hash:
232e689858d7e4367acf4910620a95b0cee040ec
Link:
https://www.unpac.me/results/e0976672-105e-4e1b-9830-886121ad6c88/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.57
Link:
https://yomi.yoroi.company/submissions/cc4a75a27a80dd0c34ed04f12235a3424715b7c546b530e138b58aaf0af69f90

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip af345ba105bdf6a7015248d032984f79afef8b19e700235578522d279322801b

Executable exe cc4a75a27a80dd0c34ed04f12235a3424715b7c546b530e138b58aaf0af69f90

(this sample)

  
Dropped by
MD5 144ed9c7b681b58e6fb69a86aedbb859
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 af345ba105bdf6a7015248d032984f79afef8b19e700235578522d279322801b
Cape
Cape
https://www.capesandbox.com/analysis/132760/

Comments