MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c88edc06d9929ca8f269e113bac17fed103603e5de794c3ae13cebc184a8a0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c88edc06d9929ca8f269e113bac17fed103603e5de794c3ae13cebc184a8a0d
SHA3-384 hash: 5172262f604d2367877fc12b0b5efaa47c507f9380156d03ec2d25d87dc0744154f8da71690d21474db7a6fbf9a4ff0c
SHA1 hash: 0010f20379c3be3a8232545875e78c8dc6c8dd25
MD5 hash: 1fe340b7b6df86d116a365f510a3d793
humanhash: cup-hamper-idaho-bravo
File name:Betalingsfactuur.exe
Download: download sample
File size:1'116'160 bytes
First seen:2020-08-17 19:01:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:+vkiOcS2sX+eSSGPqWoqXcSmquA7m1xSXdV+X:+vkxd+4GPJoj
Threatray 28 similar samples on MalwareBazaar
TLSH C835D053534DEF2BD1BE42FBA0B6440A8B70C6A1918FE3DA19CE75B01DD33694DCA1A4
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.ajlogos.es
Sending IP: 91.142.220.142
From: AXA Bank Belgium <payment@axabank.be>
Reply-To: s.peters.edur@bk.ru
Subject: Re: PAYMENT.
Attachment: Betalingsfactuur.zip (contains "Betalingsfactuur.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47308/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/434697
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9c88edc06d9929ca8f269e113bac17fed103603e5de794c3ae13cebc184a8a0d/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 10:27:25 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tseo3qdnteu4vdzgtyitxlax73iqgyb6lxtzjq5ocphlygckrigq._file
Verdict:
unknown
Similar samples:
33bba4987ed156603ef0d3d38b149b2f3d0bed4d52adf5615a6d19013cb7a94e
416f9746f079b7af4180264d06ce55b88b1547d9a9da8db352e06a13aa5cf4a1
92f26df2b8881b2971127cc9bd67d17924b895e4124092d49fdc6ebe4d362620
97ef7a7690afb5dbccd0a14256d42742cbf3954901d9faf241b41bbd28e68d97
b3f05c91372f9d3ea369661aa0adfbefd629b98f1d1ab6cd9c2d271ef712fdf1
e2d8bfec4161287caf4f118ec66daaceb71c6fdda1b4aa16f8810f8a66f59013
e2ff7c5e749d36ebfcc2a9d5af487369e454ef301a859eb8fc11ebe15ea73e34
eda59e537d5c4a0e2b8102f067c91a38e8d8aaa7f73a7432555614e714ee5bbf
f18bf944f9365beda201e63d97f1b93139994d9cef424f855d691cf797c33d0f
f448b48505882a50dd6e5f08020280129dca9ef8c41fcdbd0f46655499ff49b4
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200817-625vnwe3vx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/9c88edc06d9929ca8f269e113bac17fed103603e5de794c3ae13cebc184a8a0d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 1e0f284e4bf42e978a493cde4a35c5f888815842ae8fb9a2d0d6d64549304b7f

Executable exe 9c88edc06d9929ca8f269e113bac17fed103603e5de794c3ae13cebc184a8a0d

(this sample)

  
Dropped by
MD5 ee2436f405c110da49ebfeaf8ab6be96
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47308/
  
Dropped by
SHA256 1e0f284e4bf42e978a493cde4a35c5f888815842ae8fb9a2d0d6d64549304b7f

Comments