MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f99b560ace74f8e22db8b470a5592f425103fe192e9ab6eb45b9b1a9c9346de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 1f99b560ace74f8e22db8b470a5592f425103fe192e9ab6eb45b9b1a9c9346de
SHA3-384 hash: 430eb01f57d44a133ab2f6f4b56939740315751e45e69e4c3ba6266bc95fab8e12830dc4914b61093ed2421cb99c5ab9
SHA1 hash: 69867784cadaf59e422d1a0b1be0f5d90703009e
MD5 hash: a53505b92276a3cd3556b692ffdf81e2
humanhash: tango-aspen-golf-wolfram
File name: 유티아이테크-발주서 송부의건.exe
File size: 430'080 bytes
First seen: 2020-08-18 11:52:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:+Hre4EcmZHAFaxmVmie9bngPUP63cDoMgcIU8imrjWKGKagOQngGII6PfTvJTC:se4EcmZHAFaxmVmie9bngP2lDoMgcIU9
Threatray: 71 similar samples on MalwareBazaar
TLSH: 6394E0AC3490B2AFD6E94DB5A864AC3483A13327430BFF078D5365E057DDAE6AF44097
Reporter: abuse_ch
Tags: exe geo KOR


abuse_ch
Malspam distributing unidentified malware:

HELO: mail-smail-vm44.hanmail.net
Sending IP: REDACTED_DOMAIN [203.133.180.232]
From: KS테크 <kyung9628@hanmail.net>
Subject: 견적 요청의
Attachment: 유티아이테크-발주서 송부의건.iso (contains "유티아이테크-발주서 송부의건.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Sending a UDP request
  Launching the default Windows debugger (dwwin.exe)
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-18 09:32:04 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Program crash
  Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Executable exe 1f99b560ace74f8e22db8b470a5592f425103fe192e9ab6eb45b9b1a9c9346de (this sample)
  Delivery method: Distributed via e-mail attachment

Comments