MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c9aebf4662e379b7d272f2657f2f96d426132be23bb95da78f707091c9a5af8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c9aebf4662e379b7d272f2657f2f96d426132be23bb95da78f707091c9a5af8
SHA3-384 hash: 23d928bd1780ccff7ccfc195f95df9af314774a25c4d6f4b4769f2b9529ac202c5f47f04b27c38dbd5e29f80e45c2d19
SHA1 hash: c62ba187383ac4d5b2752b4a1842b7bddb03be75
MD5 hash: 8594ea9c881c29925f6941ce3e5a477e
humanhash: victor-illinois-leopard-orange
File name:Item_Sheet_8162020_PDF.exe
Download: download sample
File size:546'816 bytes
First seen:2020-08-18 11:02:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:iu4EcmZHAFaxmVmie9bngPfzqnm9RV4C0pBg3NGnGRMWBH7oX6hV3EcPe:T4EcmZHAFaxmVmie9bngPfui6pB2NDfR
Threatray 167 similar samples on MalwareBazaar
TLSH 8FC4F15D3490B2AFE5E94DB6AC645C3083B03367061BFE479C13A6F497DDAE1AE040A7
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: bizwaytrade@cyber.net.pk
Subject: Re: REQUEST FOR QUOTATION
Attachment: Item_Sheet_8162020_PDF.gz (contains "Item_Sheet_8162020_PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47699/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c9aebf4662e379b7d272f2657f2f96d426132be23bb95da78f707091c9a5af8/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:04:06 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rsnox5dgfy3zw7jhf4tfp4xznvbgcmv6eo5zlwty64dqshe2ll4a._file
Verdict:
unknown
Similar samples:
03bd2e000f7901a07affedeac4d001a701bb3b1d6f332cde9314d156cc7689ac
14adf4dd13033d8ed032a7ebd489a056752df681ec958d92b92d8776d0387f7e
375746decd0d1a3572b6df19ca831f92058ebf8973103b97405c395aa49c5bbf
498e83013c9780ffe9f96a9b93e12c74af0bdeb4861ad405f8c165cc94165070
53e62aa59c2cf52be4e37efeb373cfc078457c945bcab84c938d6bb65601851c
600c314a52d8bb7cbf7ed06ffe13ac5c34cdf4013ecedaec166b0d1a7ec6de0d
664d1ac82bff83f40139d15b11d0eef8a4a34123596b8b5fcecddcc7ef07141d
ba739024a4d86294decd11b769dc20bee8fbc9728b17ae35282682114d397c49
c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf
df4f7d3dcdc0c8dd8359cfb58b30d376803f23b8927e7b4759fe601050569862
+ 157 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-tykfre6w8s/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 71e9d7ded959e66f85904c9359fa88bd5742c5144179079939bacdd166262eb7

Executable exe 8c9aebf4662e379b7d272f2657f2f96d426132be23bb95da78f707091c9a5af8

(this sample)

  
Dropped by
MD5 4bdefac02ec698cb2d6b8e7faeb6ba26
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47699/
  
Dropped by
SHA256 71e9d7ded959e66f85904c9359fa88bd5742c5144179079939bacdd166262eb7

Comments