The #malware for today was a unique upload to #VT
Under the guise of an #RFQ sourced from 155.94.211.180 - our "friends" at #quadranet #quadranetIsACesspool #quadranetDoesNotRespondToAbuseComplaints

Archive unpacked: RFQ.PDF.lzh (#application/x-rar-compressed; version=4, 790.57 kB)
#MD5:
bfd11c09d12e016a72838e3368da964a
#SHA1:
00654c1b168a06474a3a9d1ea24565f75ccb219f
#SHA256:
127363d38a9a18187a0e9244d31ab1804bc25c32638d207b53e4bdfdde44e14e
#sha512:
e221f2d41f1448325a0652c69650b7abc50e10419230659929044f103b39abc01265be9fa7c7e5af80f06a2077911d409cccda86d2581d899aa67920d5c6eaa4

Detected malicious per https://www.filescan.io/uploads/6628249675339da04f9d43fb
Expands to RFQ.PDF.exe
https://www.filescan.io/uploads/6628249675339da04f9d43fb/reports/1bab72f3-3ef2-4462-8437-79e946c52bee/overview

#VT has 30/64 for detection as #trojan.#zmutzy/autoit
https://www.virustotal.com/gui/file/127363d38a9a18187a0e9244d31ab1804bc25c32638d207b53e4bdfdde44e14e/detection/f-127363d38a9a18187a0e9244d31ab1804bc25c32638d207b53e4bdfdde44e14e-1713906829

#spammers #scammers #malicious #suspectfiles
#malware #triage #ioc #_ioc #infosec #informationSecurity #IncidentResponse #IR
#spam #infosec #informationSecurity #virustotal
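
The sample above has two traits a mail gateway or triage script can flag: an attachment named `.lzh` whose content identifies as RAR version 4, and a member that expands to a document-looking name ending in `.exe`. The following check is an added example, not part of the original post; the function names, extension lists and sample header bytes are constructed for illustration, and the archive member names are assumed to come from whatever unpacker the pipeline already uses.

```python
import os

# Well-known container signatures at offset 0.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar5"),
    (b"Rar!\x1a\x07\x00", "rar4"),
    (b"PK\x03\x04", "zip"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
]
# Which real formats each attachment extension is allowed to contain.
EXT_TO_FORMAT = {".rar": {"rar4", "rar5"}, ".zip": {"zip"}, ".7z": {"7z"},
                 ".lzh": {"lzh"}, ".lha": {"lzh"}}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def sniff_format(head: bytes):
    """Identify the container from its first bytes, or None if unknown."""
    for sig, name in MAGIC:
        if head.startswith(sig):
            return name
    # LHA/LZH stores its method id ("-lh5-", "-lz4-", ...) at offset 2.
    if len(head) >= 7 and head[2:5] in (b"-lh", b"-lz") and head[6:7] == b"-":
        return "lzh"
    return None

def extension_mismatch(filename: str, head: bytes) -> bool:
    """True when the extension claims one archive format and the bytes say another."""
    expected = EXT_TO_FORMAT.get(os.path.splitext(filename.lower())[1])
    actual = sniff_format(head)
    return expected is not None and actual is not None and actual not in expected

def is_double_extension_executable(member: str) -> bool:
    """True for names like 'RFQ.PDF.exe': decoy document extension, then executable."""
    base, last = os.path.splitext(member.lower().rstrip(". "))
    return last in EXEC_EXTS and os.path.splitext(base)[1] in DECOY_EXTS

def triage(filename: str, head: bytes, members: list) -> list:
    """Return human-readable findings for one attachment."""
    findings = []
    if extension_mismatch(filename, head):
        findings.append(f"{filename}: extension does not match content ({sniff_format(head)})")
    findings += [f"{m}: executable behind decoy extension"
                 for m in members if is_double_extension_executable(m)]
    return findings

if __name__ == "__main__":
    # Constructed header: RAR4 signature followed by padding, not the real sample.
    for line in triage("RFQ.PDF.lzh", b"Rar!\x1a\x07\x00" + b"\x00" * 8, ["RFQ.PDF.exe"]):
        print(line)
```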
