MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84bf51fbb89bfbbdaebb07ac07c8113bdc4da8cc08986920a805babb6a26babb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 84bf51fbb89bfbbdaebb07ac07c8113bdc4da8cc08986920a805babb6a26babb
SHA3-384 hash: 41aed8f3d9aeccbe759bc2b9312777ec7b3b698ca8b224c45343dddbef1bb6c5d23894666319fd1ec4cd92154ba01e98
SHA1 hash: d34bb21409357a15d4a8dfc1f36a3fa49d114349
MD5 hash: fa70c7ddd9e4efd40d15cf5368485939
humanhash: white-hawaii-connecticut-triple
File name:attached PO 30745.exe
Download: download sample
File size:424'960 bytes
First seen:2020-08-18 11:55:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:5v4EcmZHAFaxmVmie9bngPlju7/y3GOLWBN2XP/dvFBv/17NxVluSLp:h4EcmZHAFaxmVmie9bngPl6/cLsY9N/t
Threatray 148 similar samples on MalwareBazaar
TLSH E594D05C30D1B1AFE5EA4DB57CA42C3857E1272B021BFE078953EAE197D96D2DE00097
Reporter abuse_ch
Tags:exe GMX


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mout.gmx.com
Sending IP: 74.208.4.200
From: Admin Danny <euphyfotiles@net-shopping.com>
Subject: Re: Reconfirm invoice
Attachment: Invoice for onder 20200712.zip (contains "attached PO 30745.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47782/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/84bf51fbb89bfbbdaebb07ac07c8113bdc4da8cc08986920a805babb6a26babb/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:57:05 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qs7vd65ytp533lv3a6wapsarhpoe3kgmbcmgsifiaw5lw2rgxk5q._file
Verdict:
unknown
Similar samples:
06eb97d52358e09f7c5ee8913149bd830580e9057809e81fee718759db301687
14adf4dd13033d8ed032a7ebd489a056752df681ec958d92b92d8776d0387f7e
600c314a52d8bb7cbf7ed06ffe13ac5c34cdf4013ecedaec166b0d1a7ec6de0d
664d1ac82bff83f40139d15b11d0eef8a4a34123596b8b5fcecddcc7ef07141d
6ed38f127b3a25cff62c0855aeba85a7134a400b1dd4ef06412c2a96729b9991
a72fad6bdee764f3157dd34661dc5d1938e230d6f7a04f92c9f84188ad837553
af2d6d812f5d65da8c0fc8b46de6573bf41f03e39f7abcda4016838854ee592e
ba739024a4d86294decd11b769dc20bee8fbc9728b17ae35282682114d397c49
c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf
f9d090bd85858fb63dc8b9c378b2c94a1a4419651bd8d658786391947e7e01d2
+ 138 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-bnq9t4ysw6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/84bf51fbb89bfbbdaebb07ac07c8113bdc4da8cc08986920a805babb6a26babb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip cdc4075d1b292e19c363d6f870ee85a9836a3bcc11522a2de80415d6c1b4f3b4

Executable exe 84bf51fbb89bfbbdaebb07ac07c8113bdc4da8cc08986920a805babb6a26babb

(this sample)

  
Dropped by
MD5 aa1692e5ace5a2f72fe0e8dbbae76b6e
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47782/
  
Dropped by
SHA256 cdc4075d1b292e19c363d6f870ee85a9836a3bcc11522a2de80415d6c1b4f3b4

Comments