MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69141d8c99ebc4e3298c2e7203d061fe46d3bd513e3f93498a9fe2753cd82b8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69141d8c99ebc4e3298c2e7203d061fe46d3bd513e3f93498a9fe2753cd82b8a
SHA3-384 hash: 98480c439ef4d4e343938ad50686c0b187d23c52fdea7b08b5f66ca533daa577aa2b9350f298c95e35f2f6519a018192
SHA1 hash: d09fdc29ce701622501207ae25f73068655dcd29
MD5 hash: ccd83521c4b261e8f554102a517b60be
humanhash: river-quebec-ohio-sink
File name:svch.exe
Download: download sample
File size:507'392 bytes
First seen:2020-08-16 08:57:04 UTC
Last seen:2020-08-16 09:31:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:YM+LDMcvv5Vz/oCfcEx4+kGYMtoo2VeVjor3mk+qa:YnPv5/f4+kGRzNVjorGB
Threatray 46 similar samples on MalwareBazaar
TLSH FDB41223B6C493A5D1BD1AB5C1A2279023F162C6E936F23C3DC56AAE52763C18345FD3
Reporter abuse_ch
Tags:exe Maersk


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: qproxy1-pub.mail.unifiedlayer.com
Sending IP: 173.254.64.10
From: Maersk <Information@maersk.com>
Subject: Your Transport Plan has Changed - Maersk
Attachment: Your Transport Plan has Changed - Maersk.xlsx

Unknown payload URL:
http://192.227.158.103/svch.exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46438/
Detection(s):
SecuriteInfo.com.Generic.mg.ccd83521c4b261e8.1634.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/432207
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/69141d8c99ebc4e3298c2e7203d061fe46d3bd513e3f93498a9fe2753cd82b8a/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-08-16 08:58:07 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0d048612a3cb9e6113b539ce3bd2f08f56e604869cdb38edcf02400ae12c3a74
1f5f7921e3be739b51bead01306a9cc5dc7fec1dbc01a6784497de89afb6742c
37e399fce2caa80c9ea931f693b51a6d1c11464df1ead916cfca67f6100ad71f
77bb6489c1fd6c87f2ba80955211d0eef9be425d4e6076bd7280c6f87f9f3300
7811b5864571348651746538905398e08bc9a5a11d6cb27ff6dd7a970be77741
babb19e7cb06c97942ebdda46ddfe8435b8281ab8459080e0282485e02d587d4
e593655b5dafbbb4d5a991689b883d1304c8b653a714ec724d31c08ed37f13d5
ed847b13d7e0e4544eba48cd80e78a0dc002a8c46b3acb871113ad5be5f44916
f16ce9d494986b9f5a386de9b3a9a691c7939db12d030daf87cbb4c5f299f315
f6fb0f9050f39e6c6b3441d6a71d0e975552093fcf77f1d45ab06ef9b1fd7691
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200816-7h21wfsdme/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/69141d8c99ebc4e3298c2e7203d061fe46d3bd513e3f93498a9fe2753cd82b8a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Excel file xlsx a7f642441d45e74279cf6ca2b19215fba0d96af586416e168796f5595b7bcaa0

Executable exe 69141d8c99ebc4e3298c2e7203d061fe46d3bd513e3f93498a9fe2753cd82b8a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/434072/
  
Dropped by
MD5 4fc23bd355952080065a693aecfe5a4e
  
Dropped by
SHA256 a7f642441d45e74279cf6ca2b19215fba0d96af586416e168796f5595b7bcaa0
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/46438/

Comments