MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da896b9f2e7fdecccd952548ebb724582b7eb197365c454af6f282eec110f847. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Floxif


Vendor detections: 5



SHA256 hash: da896b9f2e7fdecccd952548ebb724582b7eb197365c454af6f282eec110f847
SHA3-384 hash: 24030ece098f2036ead6c0cca44aa9c64b6e9f2b7727a03ccca048bd6cded87c0acdf6cb76af7f5f0840aa67e93e75dd
SHA1 hash: 9969992389fe86f2081e3c130b3b8ea52eb34393
MD5 hash: 67ab3639b2a1d96f583d4d5cede49cb1
humanhash: two-beryllium-black-apart
File name: Req422722.r00
Signature: Floxif
File size: 688'877 bytes
First seen: 2021-04-06 08:17:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:lDM7g9JldtKwjVOwoT5LDSzrMzitsodirzwwMPFPGZzLfi1Bxm7BxhOcaVJ1:lDM7YvKqWtDWrYsd4ww+Kri1L0xeVJ1
TLSH: A1E4234FB707BB7DC45FEFD2ED1F24F9184E037A6160AAA475331C213A9A2508A7D612
Reporter: abuse_ch
Tags: r00


abuse_ch
Malspam distributing unidentified malware:

HELO: relay-bulk2.stackmail.com
Sending IP: 185.151.28.79
From: Sharon Namayanja<jamshed@dreamnw.com>
Reply-To: Sharon Namayanja<xyris.choii@gmail.com>
Subject: RE: QUOTE
Attachment: Req422722.r00 (contains "Req#422722.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 121
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-04-06 08:18:10 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Floxif
zip da896b9f2e7fdecccd952548ebb724582b7eb197365c454af6f282eec110f847 (this sample)

Delivery method: Distributed via e-mail attachment
