MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 498e83013c9780ffe9f96a9b93e12c74af0bdeb4861ad405f8c165cc94165070. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 498e83013c9780ffe9f96a9b93e12c74af0bdeb4861ad405f8c165cc94165070
SHA3-384 hash: 6e59eef5a6080a5a7e89b314e31d8221781bc0b1b8f85ab893116c71077373e88a74eb793fc39977db862904d18840ae
SHA1 hash: 3abf9a2e91ae21bc115f2a26d9986b1208862750
MD5 hash: f20d1b71846806017ca6a0a2b69aceeb
humanhash: monkey-snake-march-delta
File name:01004218200.exe
Download: download sample
File size:533'504 bytes
First seen:2020-08-18 11:12:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:hO4EcmZHAFaxmVmie9bngPhLVehvyEXxUR8XnvsRnACGnAIGKeiG:84EcmZHAFaxmVmie9bngPhAtBX7kRGrm
Threatray 167 similar samples on MalwareBazaar
TLSH 8DB4E14C3490B09FD9F98EB5AC941C3887613363021BFF075D53A9E497DE6E6AE014A7
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: srv.gruposafety.pt
Sending IP: 176.61.147.193
From: Consultations Transfers Exterior <ConsulTranExte@bcp.com.pe>
Subject: ANAHUE CATUNTA ELIAS // Swift
Attachment: 01004218200.zip (contains "01004218200.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47720/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/498e83013c9780ffe9f96a9b93e12c74af0bdeb4861ad405f8c165cc94165070/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 03:05:08 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jghigaj4s6ap72pznknzhyjmosxqxxvuqynnibpyyfs4zfawkbya._file
Verdict:
unknown
Similar samples:
03bd2e000f7901a07affedeac4d001a701bb3b1d6f332cde9314d156cc7689ac
14adf4dd13033d8ed032a7ebd489a056752df681ec958d92b92d8776d0387f7e
1f99b560ace74f8e22db8b470a5592f425103fe192e9ab6eb45b9b1a9c9346de
27d13ec8af85a7f7243aa5e0ec5fed2dd3ddf9d781fddfc00301b1317c245de8
600c314a52d8bb7cbf7ed06ffe13ac5c34cdf4013ecedaec166b0d1a7ec6de0d
664d1ac82bff83f40139d15b11d0eef8a4a34123596b8b5fcecddcc7ef07141d
8c9aebf4662e379b7d272f2657f2f96d426132be23bb95da78f707091c9a5af8
8e86d9234855b1ecd39a173027ac4486f443b4eb1896e28e8b2e79212107e762
a8d70892ef7ee47285c81177411ad8f089d8f025ff39d1b855dea18db3eda1d6
d025e8c2a20cdaa265fa357542d468d09ade7bff2a7304cf5494df17f58440ae
+ 157 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-48wkmvv16j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip f8f4a773ab88027e5d32e6d158ff9cafc1dc9107c0850a4e846bed57b59b7d01

Executable exe 498e83013c9780ffe9f96a9b93e12c74af0bdeb4861ad405f8c165cc94165070

(this sample)

  
Dropped by
MD5 718b314a8e85987a951fb9a3ac4966a5
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47720/
  
Dropped by
SHA256 f8f4a773ab88027e5d32e6d158ff9cafc1dc9107c0850a4e846bed57b59b7d01

Comments