MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 812cdbdfa256af3a059c4016d47017c6a2b3a13790f077eb637493b76e9ec546. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 812cdbdfa256af3a059c4016d47017c6a2b3a13790f077eb637493b76e9ec546
SHA3-384 hash: 12625ae4417f11dda0f06ed1b5d9ec10818cd4bd5f133e83a05f18f8f9a3032143125ef78757d27cd86e5279c20b3ec1
SHA1 hash: 480f6e595c295ba48f200f0939034e93ccb4ac83
MD5 hash: 21b3bfa8c21c5d7f0bea6dedec4c6029
humanhash: six-robert-lithium-equal
File name:DRAFT2-COPY736353PDF-BILL-LADING.scr
Download: download sample
File size:624'128 bytes
First seen:2020-06-03 05:34:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d7dd6fa75115d9909f747434e40fff68 (173 x RedLineStealer, 10 x DCRat, 1 x CoinMiner.XMRig)
ssdeep 6144:n3e21Tsmg79Z+pog+EZ2ddulFXqmuFUVbKAcyxjnXEAH/qe3YGroxc0wYSqVqGGg:3eQhz/zl92ycKnye3XeA7YO+esTCmj
Threatray 5 similar samples on MalwareBazaar
TLSH 3CD47BD1FA455999EC1707F6193A9A2010B77EBC55F4810C30BA7E2776F338324AAD8B
Reporter jarumlus

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.AsprotectSke-6
Create hunting rule

PUA.Win.Packer.AsprotectSke-1
Create hunting rule

PUA.Win.Packer.AsprotectSke-4
Create hunting rule

PUA.Win.Packer.Asprotect-3
Create hunting rule

PUA.Win.Packer.AsprotectSke-5
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/365871
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Veil
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 10:27:22 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qewnxx5ck2xtubm4ialni4axy2rlhijxsdyhp23dosj3o3u6yvda._file
Verdict:
malicious
Similar samples:
2fdb85c7a0a29e78f22e3b994c5835178f6b54162f4d72a224d9ac9d40c3b60f
956a4834f9fd06b41877a81e7edb083994d53daae9739fcfb8d4f82203105414
a0fd9cf6002a8f7503dd47682be0dca44ffb66157c910ada1ffc360c2d7d70a6
d2edc352a2a157c1ac51e314039ca894958635959d905900755992eed6a13256
f4bf1d1294fcdebf960a81bc8bdf14edb488c4d844a90ab100a1d5354f8cd443
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6kc14a723s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

add7a8cfc2b1f6ca9faf712291ff13785bee63d0abab45998ea66668bb049206

Executable exe 812cdbdfa256af3a059c4016d47017c6a2b3a13790f077eb637493b76e9ec546

(this sample)

  
Dropped by
MD5 e7ae45afda1958f135fdf64af469d4fe
  
Dropped by
SHA256 add7a8cfc2b1f6ca9faf712291ff13785bee63d0abab45998ea66668bb049206
  
Delivery method
Distributed via e-mail attachment

Comments