MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04a7203b1d0850b5529cec178e1ba4201f06c7ff295ef20ad774fd934b0aac2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04a7203b1d0850b5529cec178e1ba4201f06c7ff295ef20ad774fd934b0aac2f
SHA3-384 hash: 083ac2015d22b924820d07350aeed0bd89fbc34dd63a2db7985452e9aeab41e25b5b4f30c80605f23ba6008ed2abb12d
SHA1 hash: 4c5c53908e1d9080973a9f111e19f65d5426f006
MD5 hash: db0038679c9c14dba0be0ef803248bbe
humanhash: fix-ceiling-pennsylvania-avocado
File name:Attached Revised Invoice For your perusal_pdf.exe
Download: download sample
File size:329'216 bytes
First seen:2020-08-18 12:59:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:zscOzfvqiyfjpRYVU6Q6P8XEeITTpI4EcmZHyXFaxmVmie9bngPfVQq/aT:QcOzfvqiqdR8USEX3IxI4EcmZHAFaxmR
Threatray 57 similar samples on MalwareBazaar
TLSH 7464C09C3590F16FEAF98DB56C642D344B613327021BFE074A53AAF457CEAE1AE04097
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.behzadstudio.com
Sending IP: 78.46.120.153
From: m.tork <delivery@kia-pde.com>
Subject: REVISED
Attachment: Attached Revised Invoice For your perusal_pdf.rar (contains "Attached Revised Invoice For your perusal_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47865/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/04a7203b1d0850b5529cec178e1ba4201f06c7ff295ef20ad774fd934b0aac2f/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 13:01:05 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=astsaoy5bbilkuu45qly4g5eeapqnr77ffppecwxot6zgsykvqxq._file
Verdict:
unknown
Similar samples:
04cfd305f0d352144e6063af7ca62241127142e7f67e079b78ce10f95e33d29e
14537de8568175e9905dbca8728e46383b969a4df71c245f59454e6abf2056e0
365158c5b07d7742569e9eae888d53c54a748a9b44adfaec80080e6487a72cf7
51868d20e4a12a9c843de2e2265cd8fc72577d511d73a5451e8b891654e546bf
8c9aebf4662e379b7d272f2657f2f96d426132be23bb95da78f707091c9a5af8
9da1772fa2628569f0c6ccb0d44b1caf275a13e99421014da49a161f13d57265
a4224566ad33fb26f7bcbdd33a0b08cfe2521d400223bcf20a40bc345e4279de
b9b01be2a81ab5a5c37c896735350a97263c47181a69ecd3a7f2ad3d1007ff36
bcfe28b074cc1d9b0fb7896ee3eb4d28c240bee33cb76578f0f9f1ef90ab92e6
f9d090bd85858fb63dc8b9c378b2c94a1a4419651bd8d658786391947e7e01d2
+ 47 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-wq1p2c9dcs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/04a7203b1d0850b5529cec178e1ba4201f06c7ff295ef20ad774fd934b0aac2f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 3adfb73b1e8df5aa5f93b106e341450e9ce406d86a0080b32a41053f4ee26c19

Executable exe 04a7203b1d0850b5529cec178e1ba4201f06c7ff295ef20ad774fd934b0aac2f

(this sample)

  
Dropped by
MD5 cd431d3a29ad56a2e25c8915bcca6352
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3adfb73b1e8df5aa5f93b106e341450e9ce406d86a0080b32a41053f4ee26c19
Cape
Cape
https://www.capesandbox.com/analysis/47865/

Comments