MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf
SHA3-384 hash: 9391fbb1eb1bf2ea9aa89ad3c1d67e226af45c13491bf9ce907736b72c10099225f7d0d2039580699187c6563f267e86
SHA1 hash: fd0c75732c94f24e32a489a7eeb2178ec34f0895
MD5 hash: 97ecff6243562e2d74454fe989e72959
humanhash: november-nebraska-mockingbird-bluebird
File name:gunzipped
Download: download sample
File size:507'904 bytes
First seen:2020-08-18 11:49:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:UggdI1wDe5ugXU3WAiYcp+ecKdR/Yz4l9VC4EcmZHAFaxmVmie9bngPK:vf1vQhpDePdZYz444EcmZHAFaxmVmieq
Threatray 163 similar samples on MalwareBazaar
TLSH 18B4E15C3490F1AFDAEE8DB5AC702C38536123670217FF079963AAE497DDAD19E040A7
Reporter abuse_ch
Tags:Endurance


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: qproxy3-pub.mail.unifiedlayer.com
Sending IP: 67.222.38.20
From: Prashant S. Patil <prashant.patil@grindmaster.co.in>
Subject: Purchase Order
Attachment: Purchase Order.gz (contains "gunzipped")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47774/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 01:11:27 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zfam2qbhgcbq7toak3hwzgk6vdhgaxfnfcpdktcpqrzossrvrg7q._file
Verdict:
unknown
Similar samples:
3342139f47df082fc20b738eec263c9d4469bfa0d00677c0eb9cf2703aaf9564
53e62aa59c2cf52be4e37efeb373cfc078457c945bcab84c938d6bb65601851c
58b3d5894231a2d24c45391c21c24ec02902f5b54b836cf35e54d2bb2324f569
600c314a52d8bb7cbf7ed06ffe13ac5c34cdf4013ecedaec166b0d1a7ec6de0d
664d1ac82bff83f40139d15b11d0eef8a4a34123596b8b5fcecddcc7ef07141d
8107802f3247e162ca6e3f0048a9ef27535c72ddc1972a85c685dc180fbadac6
84bf51fbb89bfbbdaebb07ac07c8113bdc4da8cc08986920a805babb6a26babb
89af10238032ab225e998887850c3910abd7183e67018abfe56b0bdebf2d50d9
8e86d9234855b1ecd39a173027ac4486f443b4eb1896e28e8b2e79212107e762
d025e8c2a20cdaa265fa357542d468d09ade7bff2a7304cf5494df17f58440ae
+ 153 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-gnxyvtmqgs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz e4bdd13d324ed0076940a4ce92bd0b27d12b4887143bf58209a647149c6bf6f6

Executable exe c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf

(this sample)

  
Dropped by
MD5 289efd3ad437389e770dd2f56cd6076b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e4bdd13d324ed0076940a4ce92bd0b27d12b4887143bf58209a647149c6bf6f6
Cape
Cape
https://www.capesandbox.com/analysis/47774/

Comments