MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4320f2599b5f81fb714332fd4c804501dc91d14feec18b42ab0e37def23755de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3



SHA256 hash: 4320f2599b5f81fb714332fd4c804501dc91d14feec18b42ab0e37def23755de
SHA3-384 hash: 90e9ca97539be6d842617f85af0e42536429489c4d8a7e062ee490aed34e1f4b48245ed8ce3d50af90a0cf9f47511b5b
SHA1 hash: 6a2368ef38386437764943997add432cc75c186f
MD5 hash: ddb10196665933567ec2a0deadc84517
humanhash: lamp-lake-double-alanine
File name: 24703394900029380043-NFSe.msi
File size: 1'024'512 bytes
First seen: 2021-03-04 19:03:59 UTC
Last seen: 2021-03-04 19:32:16 UTC
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 24576:NKKY3ZOtkTW5Q9//NzYL0SkIztdfG8NQGatA:NKKYEMXNzYL0pcfNQGaA
Threatray: 32 similar samples on MalwareBazaar
TLSH: 25258D21B2E6C433D1B60A746D7AE3E9542ABD201F75D49F33D85F0D1E329825932BA3
Reporter: ffforward
Tags: banker brazil msi signed

Code Signing Certificate

Organisation: TestCert_2020-8-16_11-22-7
Issuer: TestCert_2020-8-16_11-22-7
Algorithm: sha256WithRSAEncryption
Valid from: 2020-08-16T14:12:08Z
Valid to: 2021-08-16T14:32:08Z
Serial number: 1afd1491d52f89ba41fa6c0281bb9716
Thumbprint algorithm: SHA256
Thumbprint: 1cf0b51292549858f263cbb126f859d9d2af8664e3fa07522547e59c49fa65d1
Source: This information was provided by the ReversingLabs A1000 Malware Analysis Platform.


ffforward: Brazilian banker, requires Brazilian locale to run.

Intelligence


File Origin
# of uploads: 2
# of downloads: 151
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-03-04 15:26:51 UTC
File type: Binary (Archive)
Extracted files: 52
AV detection: 2 of 47 (4.26%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Enumerates connected drives
Loads dropped DLL
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments