MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9b01be2a81ab5a5c37c896735350a97263c47181a69ecd3a7f2ad3d1007ff36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	b9b01be2a81ab5a5c37c896735350a97263c47181a69ecd3a7f2ad3d1007ff36
SHA3-384 hash:	c070d4619074221ab6debcf723385f02d8b5164bb29a506f5bbd11a006949255858b777cb547caa1157bcf0a1f7bdf27
SHA1 hash:	66b528e492ac8ad5953d9cb0ac0653446d01671d
MD5 hash:	aa2126b3c94dec4c6d1a53ce5427dc45
humanhash:	gee-social-arkansas-bulldog
File name:	QUOTE 002242020.gz(~377 KB).exe
Download:	download sample
File size:	544'768 bytes
First seen:	2020-08-18 11:16:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:XNl4EcmZHAFaxmVmie9bngPLpTRMAJ31tt+58ea1x+28CDSCc:34EcmZHAFaxmVmie9bngPLgSFPe8jlSd
Threatray	161 similar samples on MalwareBazaar
TLSH	5DC4F25C3490B1AFE9ED8DB66C685C24A3A02727021BFF078D53B5F587DD6E29E0406B
Reporter	abuse_ch
Tags:	exe

abuse_ch

Malspam distributing unidentified malware:

HELO: ghhaewae.com
Sending IP: 103.99.1.143
From: Nazmul <nazmul_mzm@ghhaewae.com>
Subject: Re: AWB & Commercial Invoice for Catalog sample, Buyer- Columbia
Attachment: QUOTE 002242020.gz~377 KB.zip (contains "QUOTE 002242020.gz(~377 KB).exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

57

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/47729/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Launching a process

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b9b01be2a81ab5a5c37c896735350a97263c47181a69ecd3a7f2ad3d1007ff36/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-08-18 11:17:09 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xgybxyvidk22lq34rfttkniks4tdyryydju6zu5h6kwt2eah743a._file

Verdict:

unknown

Similar samples:

04a7203b1d0850b5529cec178e1ba4201f06c7ff295ef20ad774fd934b0aac2f

058d448bd4c8d01107dbfe15cc04d8fd999bf6a1a23d4d2d680d58c428041457

4782a17b8718efad4ea163a125de878b97dceb4fe07cd4a21032c653fb7fb501

51868d20e4a12a9c843de2e2265cd8fc72577d511d73a5451e8b891654e546bf

60b9cde6401ecf9801a24c69f61d155290a580ea053161d215242113a7d3a9d9

a4224566ad33fb26f7bcbdd33a0b08cfe2521d400223bcf20a40bc345e4279de

a72fad6bdee764f3157dd34661dc5d1938e230d6f7a04f92c9f84188ad837553

b8be0143a14abf58e652378a7206bd15705c7994e322d5e789e6f22b60b9dbdf

bcfe28b074cc1d9b0fb7896ee3eb4d28c240bee33cb76578f0f9f1ef90ab92e6

c5df3c7e944f4f367f05546bcf2a661db13dae555a585f16b7599d35cb12213e

+ 151 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200818-5he31ga92s/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 89a05bf3bbb28948748be4c485b5694e809b9c1f6268e46b2d99aae706f6c455

exe b9b01be2a81ab5a5c37c896735350a97263c47181a69ecd3a7f2ad3d1007ff36

(this sample)

Dropped by

MD5 6081792c45f97da732e2d84ccc06885b

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/47729/

Dropped by

SHA256 89a05bf3bbb28948748be4c485b5694e809b9c1f6268e46b2d99aae706f6c455

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample