MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03bd2e000f7901a07affedeac4d001a701bb3b1d6f332cde9314d156cc7689ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 03bd2e000f7901a07affedeac4d001a701bb3b1d6f332cde9314d156cc7689ac
SHA3-384 hash: d50d853a55eada320d1a86ec5a2b55d166f7024e5843428751008292f608983e852f97467663470d9d30bdb9e1098072
SHA1 hash: dd26c30b2674ba4aa984ee3845045d266ac2a755
MD5 hash: d6c8918151f310aac3444047553ef711
humanhash: five-december-delta-november
File name:Payment.exe
Download: download sample
File size:479'232 bytes
First seen:2020-08-18 12:13:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:5OLTFaAHn/C2SlEywlvIQAmYjzGqP4K5e9DRvR24EcmZHAFaxmVmie9bngPq5:chFZeQAmYjp3IR24EcmZHAFaxmVmie9M
Threatray 165 similar samples on MalwareBazaar
TLSH 0EA4E04C3090B2AFE9EA4EB6AD541D3447613327421BFF474D63A5E497DDBEAAE00093
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gokosha.co.jp
Sending IP: 185.222.58.144
From: Jennifer Phuong (Ms) <chan@gokosha.co.jp>
Subject: PO - RFQ # 202055 PO 2020764
Attachment: Payment.zip (contains "Payment.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47817/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/03bd2e000f7901a07affedeac4d001a701bb3b1d6f332cde9314d156cc7689ac/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 00:36:42 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ao6s4aappea2a6x75xvmjuabu4a3woy5n4zszxutctivntdwrgwa._file
Verdict:
unknown
Similar samples:
14adf4dd13033d8ed032a7ebd489a056752df681ec958d92b92d8776d0387f7e
27d13ec8af85a7f7243aa5e0ec5fed2dd3ddf9d781fddfc00301b1317c245de8
498e83013c9780ffe9f96a9b93e12c74af0bdeb4861ad405f8c165cc94165070
53e62aa59c2cf52be4e37efeb373cfc078457c945bcab84c938d6bb65601851c
58b3d5894231a2d24c45391c21c24ec02902f5b54b836cf35e54d2bb2324f569
5f999e74c034f2e59b2054aa04f9a592cb15f0259d43a67922fd7997ad451240
600c314a52d8bb7cbf7ed06ffe13ac5c34cdf4013ecedaec166b0d1a7ec6de0d
8c9aebf4662e379b7d272f2657f2f96d426132be23bb95da78f707091c9a5af8
b8be0143a14abf58e652378a7206bd15705c7994e322d5e789e6f22b60b9dbdf
ce80af98fda09bf24006e478aca3f2bdc6e496a293223116b0da19d7aa2073cd
+ 155 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-z5sw9pwpdj/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/03bd2e000f7901a07affedeac4d001a701bb3b1d6f332cde9314d156cc7689ac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 45b3f1d38ebf562468ecb35248f517976d119812dfb7373139c8225318083402

Executable exe 03bd2e000f7901a07affedeac4d001a701bb3b1d6f332cde9314d156cc7689ac

(this sample)

  
Dropped by
MD5 dd7d9386845d824c9c676ff732bef1cf
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 45b3f1d38ebf562468ecb35248f517976d119812dfb7373139c8225318083402
Cape
Cape
https://www.capesandbox.com/analysis/47817/

Comments