MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db2fcaac7f3c3baa61adb321337865f20b72966079acde4295c6e80a2069cfd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	db2fcaac7f3c3baa61adb321337865f20b72966079acde4295c6e80a2069cfd9
SHA3-384 hash:	45f158e3488904aa4d78f99139dd5dba7bfa565119bf1e5a2042ee199428aa91137337c061c4e92d5d0423785c0240e2
SHA1 hash:	020bbbff5b087ed3dff4d0af5d34e9fcf325480d
MD5 hash:	f43cd48ac8af6c7374b55e9899a21270
humanhash:	equal-mango-single-video
File name:	Quotation.exe
Download:	download sample
File size:	205'608 bytes
First seen:	2020-10-05 13:11:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	1536:SF7m493A8zvmQY8C7bQXyHabp54aQ3JRaCAd1uhNRQ6MUfsj:P4SWmQY8C7bQXy6bbTQHAt
Threatray	3 similar samples on MalwareBazaar
TLSH	0E1496167F448431E4A50E312B65E69D2324B9A9D8038E9B71D07EDFFFF1AC58E12272
Reporter	James_inthe_box
Tags:	exe

Code Signing Certificate

Organisation:
Issuer:
Algorithm:	sha256WithRSAEncryption
Valid from:	Oct 5 01:01:20 2020 GMT
Valid to:	Oct 5 01:01:20 2021 GMT
Serial number:	E1FA267BB7AA92DED7A6928D508D9412
Thumbprint Algorithm:	SHA256
Thumbprint:	0CDA939C92969EDD0A709BF973F9E26FE5FED95F5EEA4EAE6E05C696763C8663
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

105

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68228/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Launching a process

Creating a window

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/481522

Signature

Initial sample is a PE file and has a suspicious name

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/db2fcaac7f3c3baa61adb321337865f20b72966079acde4295c6e80a2069cfd9/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2020-10-05 07:13:47 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

21 of 48 (43.75%)

Threat level:

5/5

Verdict:

unknown

ad5ac1f1751d612b164dfb0b3d81e551799bf5617bbbe380c8d2288bae801833

bc2e03ca292da305602c8755453fa87073810a6359f2ec9a0935fe3bb51ef886

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201005-kndz58tf52/

Behaviour

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

db2fcaac7f3c3baa61adb321337865f20b72966079acde4295c6e80a2069cfd9

MD5 hash:

f43cd48ac8af6c7374b55e9899a21270

SHA1 hash:

020bbbff5b087ed3dff4d0af5d34e9fcf325480d

Link:

https://www.unpac.me/results/b0a9e377-86eb-42a4-b9c3-b73982faae98/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/db2fcaac7f3c3baa61adb321337865f20b72966079acde4295c6e80a2069cfd9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/68228/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample