MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d41b32f45609ba707772189d42b4417e3514a7ee058d50a0f39a226c8370101a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d41b32f45609ba707772189d42b4417e3514a7ee058d50a0f39a226c8370101a
SHA3-384 hash: cb1b0d6272f629560103cb786b62bb7704bb09e7da2991b288abc85801b3bcf33ba16b7abc1293badb3a0aad28839777
SHA1 hash: cefe8cf38c941ed2d023850084bb3ae85ccb2ec1
MD5 hash: 92d55a6136bcc74a66fceae3c3c8e64d
humanhash: nineteen-floor-bacon-thirteen
File name:RFQ.exe
Download: download sample
File size:486'400 bytes
First seen:2020-08-17 06:48:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 6144:3sI8evyrjlw4ZGrnq4ZNN7QooMpAeJq5RtUxju+t7qciu7sw+suRWKG79x:ob+NN8Ypn3xjuwqciu7URkx
Threatray 22 similar samples on MalwareBazaar
TLSH F8A46B00BEA82075E82E5E751DA714352253AD2A2E72F7DE087AB1F727B23C70117D76
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ygbamboo.co.158.90.111.in-addr.arpa
Sending IP: 111.90.158.223
From: Rachel Kang <Kang@ygbamboo.co>
Subject: Re: Request for Quotation
Attachment: RFQ.rar (contains "RFQ.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46710/
Detection(s):
SecuriteInfo.com.Generic.mg.92d55a6136bcc74a.19637.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a window
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
23 / 100
Link:
https://www.joesandbox.com/analysis/432676
Signature
a
c
d
e
f
g
h
i
L
M
n
o
p
r
s
t
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 268635 Sample: RFQ.exe Startdate: 17/08/2020 Architecture: WINDOWS Score: 23 13 Machine Learning detection for sample 2->13 6 RFQ.exe 2 2->6         started        process3 process4 8 dw20.exe 19 6 6->8         started        dnsIp5 11 192.168.2.1 unknown unknown 8->11
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d41b32f45609ba707772189d42b4417e3514a7ee058d50a0f39a226c8370101a/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 02:08:54 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2qntf5cwbg5ha53sdcoufncbpy2rjj7oawgvbihttirgza3qcana._file
Verdict:
malicious
Similar samples:
0fca6f4fa44279707d8baca71d47f79687c62f528d0e872dc27c393e15567904
15c86f03a9ef0aa9720a510fd21972a675d15c40ad3efbf52ff2e5cc9bb86c57
58691961ce7be790966ab5f9b3e9e9740af77b78a36209c8bcd6c229bb1563bf
6e204b5e206dca168575d270ae14f416d5e4a55c19361ce490c91cdd644a1672
7aa6630f2551f50849fc18f793c16fce8095c0d415816735442342c2e69634f9
7fab681c57b3f8918c974e5a436b72f9a963ae8b4d4ab5592ceb17cdb57f14f9
8b821e88c568d00613f802e79eda4c77913a09c7760dcfdd80e8886b0a8bd8f1
997ea048859835fd05d1128129c37370fa9d8144a9f264ffa3d260f549936ae1
ce87eb71c655ed8e6fa17b9db6b5ba633e468b27d1ffd2a8b931b391bad84bfd
d2fb5b8b623b7bca926fc2d6e92fa81360e2375af49a6d08ce1391282a9b4276
+ 12 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200817-sahmvc4e9s/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d41b32f45609ba707772189d42b4417e3514a7ee058d50a0f39a226c8370101a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar f54eb1b8f9d10ec9b427cefb324344513f4aa6cafe6a8ccc947bd06bd64af05f

Executable exe d41b32f45609ba707772189d42b4417e3514a7ee058d50a0f39a226c8370101a

(this sample)

  
Dropped by
MD5 1a0885e89829538ff4efb74846cb4685
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/46710/
  
Dropped by
SHA256 f54eb1b8f9d10ec9b427cefb324344513f4aa6cafe6a8ccc947bd06bd64af05f

Comments