MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58b3d5894231a2d24c45391c21c24ec02902f5b54b836cf35e54d2bb2324f569. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58b3d5894231a2d24c45391c21c24ec02902f5b54b836cf35e54d2bb2324f569
SHA3-384 hash: 14b14c9a9eafea0f97f461889df1f0db94950f032f0857bc3846ad59a4cff988bf71cfa67e70ff2006ff1d0f140b30ab
SHA1 hash: 77baa7dbdf6487983a66f66b6438249854a659bc
MD5 hash: beadb59bc8212927146c90d37651d78f
humanhash: purple-failed-eighteen-wisconsin
File name:proforma Invoice.exe
Download: download sample
File size:428'032 bytes
First seen:2020-08-18 11:15:29 UTC
Last seen:2020-08-18 13:24:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:7Z6Ej4EcmZHAFaxmVmie9bngPvi9On/Z1ltqtVt1qGy9KeQ:V14EcmZHAFaxmVmie9bngPvOO/ZtqftE
Threatray 57 similar samples on MalwareBazaar
TLSH 3794D04C3190B1AFE9E94F71ACB41C3887A53767420BFE47895396E45BCDAE2EE04067
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: china.com
Sending IP: 103.133.106.246
From: AngelYuzhu@salab-druid-2.localdomain>, Angelyuzhu@china.com
Subject: Re:Revised Invoice
Attachment: proforma Invoice.rar (contains "proforma Invoice.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47726/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58b3d5894231a2d24c45391c21c24ec02902f5b54b836cf35e54d2bb2324f569/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 22:11:03 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lcz5lckcggrnetcfheocdqsoyauqf5nvjobwz426ktjlwize6vuq._file
Verdict:
unknown
Similar samples:
27d13ec8af85a7f7243aa5e0ec5fed2dd3ddf9d781fddfc00301b1317c245de8
4782a17b8718efad4ea163a125de878b97dceb4fe07cd4a21032c653fb7fb501
4cd437483967218c48d9af73c1f5830c4929c1d7d1e2dc7e0ed109494b12d338
53e62aa59c2cf52be4e37efeb373cfc078457c945bcab84c938d6bb65601851c
600c314a52d8bb7cbf7ed06ffe13ac5c34cdf4013ecedaec166b0d1a7ec6de0d
664d1ac82bff83f40139d15b11d0eef8a4a34123596b8b5fcecddcc7ef07141d
8107802f3247e162ca6e3f0048a9ef27535c72ddc1972a85c685dc180fbadac6
a72fad6bdee764f3157dd34661dc5d1938e230d6f7a04f92c9f84188ad837553
a8d70892ef7ee47285c81177411ad8f089d8f025ff39d1b855dea18db3eda1d6
c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf
+ 47 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-75x27dgn2j/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 90d072822c61c24fbf312e300a4711055a6c2daa854a4040f2a98f8f478ab77a

Executable exe 58b3d5894231a2d24c45391c21c24ec02902f5b54b836cf35e54d2bb2324f569

(this sample)

  
Dropped by
MD5 2761717791fe94aef0aace356f663b18
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47726/
  
Dropped by
SHA256 90d072822c61c24fbf312e300a4711055a6c2daa854a4040f2a98f8f478ab77a

Comments