MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 465eb0b9e7a55266dbb55b97c990cafefb38dc0255f246a42d816f94b9ae4e68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 465eb0b9e7a55266dbb55b97c990cafefb38dc0255f246a42d816f94b9ae4e68
SHA3-384 hash: 0a1ecdb99e6e0e474810a4d8c71454ec670b6dcdcb71dacd7adfc33a802e2cbb6ec053a685aabe0f0f782107c86fe6d3
SHA1 hash: a569e4cad4ec570892bfc11a916da044d4c7a4f5
MD5 hash: 43c369522b6967a3387ad503dcd627aa
humanhash: island-south-hamper-iowa
File name:Purchase_Order.exe.exe
Download: download sample
File size:262'656 bytes
First seen:2020-06-10 13:22:20 UTC
Last seen:2020-06-10 14:12:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:6kz0N1hs9vyTCGhVZrTnvO68rtend9+DF/Pvjr6mKJWM:6Q0N/UkFtnLQM9+DF/Pvjr6mKJWM
Threatray 7'232 similar samples on MalwareBazaar
TLSH 9A443A8D3250B2DFC867CDB689A92C24AB61A477531BC347A44712ED9A0DBD7CF106E3
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7570/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34000471.18115.19863.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 13:22:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=izplbophuvjgnw5vlol4tegk735trxackxzenjbnqfxzjonojzua._file
Verdict:
malicious
Similar samples:
24632af2c40f7670d76a42465d56891715eeadb0384df9e1ba8063451425c2a5
268ea227f9a30b6221814ba9efe354f2ab07607b6273c8b51fb33d19aa332295
2b115e42d37b2c740cf134413b64a79dd1486a08766d0d53a1fa70c9066163a3
4a2e8f13ad2ce022158574edb3ab566db4544ec1dcda648845b16bc754f4e321
7f2a8610931a1f5ff9793dcb854ca01aaa6410fb5b4dc287753c558f1b60eee1
8dbb450904a856d84c818235a7cf866809e5456fc1e3b535ba44cb91f85ebfd8
940319fc3b9389a58d0684a38e921b2283f06cd7c5f96e357428008ecfbd427e
cbaf28d8fb7addec023228bbdd6a5062e875070bc16452c15515792b78855000
cfcada9f32ecac51e844749839322ed452949ea27728fac1de34580b2319987b
ed15459a7fd8570fc69235cac35dbe1617fa919c6c09a1978df30952b2af53b1
+ 7'222 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-37r3tw2egn/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/7570/
Cape
Cape
https://www.capesandbox.com/analysis/7567/
Cape
Cape
https://www.capesandbox.com/analysis/7561/
Cape
Cape
https://www.capesandbox.com/analysis/7559/

Comments