MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60b9cde6401ecf9801a24c69f61d155290a580ea053161d215242113a7d3a9d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60b9cde6401ecf9801a24c69f61d155290a580ea053161d215242113a7d3a9d9
SHA3-384 hash: f2772e231b44abf0ccad7d802dd4c0caa21d3a314c31acebb05122a952f1692ccd8312555f6e1785a502e26da84dd79f
SHA1 hash: 9f7e01a5bbdbe4d9aec42d44947faf0edee0cfab
MD5 hash: 5bfb529583005db01cf086e5e048aedc
humanhash: xray-colorado-table-april
File name:invoice copy.pdf.exe
Download: download sample
File size:574'976 bytes
First seen:2020-08-18 11:08:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:1m4EcmZHAFaxmVmie9bngPrz8RRkTc1Kuc+CenhDHQiHObo5LHLduthNhmtfPU69:U4EcmZHAFaxmVmie9bngPUrP1Xc+Ceh7
Threatray 70 similar samples on MalwareBazaar
TLSH DBC4F18C34B0B16FE6EA9EB5AC642D3047613327431BFF074D6359E097DEAD29E044A2
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: alkuhaimi.com
Sending IP: 37.48.85.226
From: Financial Manager <rud-division@alkuhaimi.com>
Subject: FW: 回复: paid invoice
Attachment: invoice copy.pdf.z (contains "invoice copy.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47707/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60b9cde6401ecf9801a24c69f61d155290a580ea053161d215242113a7d3a9d9/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 23:37:22 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mc443zsad3hzqancjru7mhivkkiklahkauywduqveqqrhj6tvhmq._file
Verdict:
unknown
Similar samples:
14537de8568175e9905dbca8728e46383b969a4df71c245f59454e6abf2056e0
27d13ec8af85a7f7243aa5e0ec5fed2dd3ddf9d781fddfc00301b1317c245de8
58b3d5894231a2d24c45391c21c24ec02902f5b54b836cf35e54d2bb2324f569
a72fad6bdee764f3157dd34661dc5d1938e230d6f7a04f92c9f84188ad837553
a8d70892ef7ee47285c81177411ad8f089d8f025ff39d1b855dea18db3eda1d6
b9b01be2a81ab5a5c37c896735350a97263c47181a69ecd3a7f2ad3d1007ff36
ba739024a4d86294decd11b769dc20bee8fbc9728b17ae35282682114d397c49
d34d2c3fe83f82a8a0faa213fe60202f765aadf5895fbe12996d40db44afadc5
e0ea939ef71c66995928e05178d2cb87196135a26498cbe23c1c70b515aeacc0
f9d090bd85858fb63dc8b9c378b2c94a1a4419651bd8d658786391947e7e01d2
+ 60 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-59g21e2jqe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

z fd3839c5c9d4c6aad7dde1f4d338e58ea1e58b4810680375f7edebe62858031b

Executable exe 60b9cde6401ecf9801a24c69f61d155290a580ea053161d215242113a7d3a9d9

(this sample)

  
Dropped by
MD5 12674c604ff5b3f9017482724bcf516e
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47707/
  
Dropped by
SHA256 fd3839c5c9d4c6aad7dde1f4d338e58ea1e58b4810680375f7edebe62858031b

Comments