MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d025e8c2a20cdaa265fa357542d468d09ade7bff2a7304cf5494df17f58440ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d025e8c2a20cdaa265fa357542d468d09ade7bff2a7304cf5494df17f58440ae
SHA3-384 hash: 58c9fb0c5872454f6ca11c7545778a6969f467d1a281fc4806435194ed61736da1376c25cb6ba9ae6102aca5c5ae80b7
SHA1 hash: c71988cc79a394c6fd3509c8490f38d506ff6d7b
MD5 hash: 720dae45271228953e42fc7b8642c51e
humanhash: arkansas-washington-gee-nebraska
File name:INVOICE.exe
Download: download sample
File size:503'296 bytes
First seen:2020-08-18 11:18:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:PT4EcmZHAFaxmVmie9bngPY8FEkPujtbC94KLWm/sdOEJ2EFLbSm+MxxGs:b4EcmZHAFaxmVmie9bngPYcEVbHKLW/K
Threatray 166 similar samples on MalwareBazaar
TLSH 2EB4E15C34D0B1AFDAE98EB5AC546C2443A0232B421BFE074E57E5E49BDD7E2EE04097
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.ipadmial.com
Sending IP: 212.114.52.31
From: accounts dept <accountsp123463j@gmail.com>
Subject: fwd: Overdue Invoice
Attachment: INVOICE.pdf.rar (contains "INVOICE.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47735/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d025e8c2a20cdaa265fa357542d468d09ade7bff2a7304cf5494df17f58440ae/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:20:06 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2as6rqvcbtnkezp2gv2ufvdi2cnn4677fjzqjt2ustprp5meicxa._file
Verdict:
unknown
Similar samples:
27d13ec8af85a7f7243aa5e0ec5fed2dd3ddf9d781fddfc00301b1317c245de8
2cfe3ffadc27ccca8b9258dfe727dbfbf1ea086b89f5d75d5e3bc2c86d6175a0
3342139f47df082fc20b738eec263c9d4469bfa0d00677c0eb9cf2703aaf9564
498e83013c9780ffe9f96a9b93e12c74af0bdeb4861ad405f8c165cc94165070
8e86d9234855b1ecd39a173027ac4486f443b4eb1896e28e8b2e79212107e762
a72fad6bdee764f3157dd34661dc5d1938e230d6f7a04f92c9f84188ad837553
ba739024a4d86294decd11b769dc20bee8fbc9728b17ae35282682114d397c49
c423ac5f46b00241341cbb50db700f5d2a53f0f92f5000d7a9bf9be1ef93c383
c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf
fb764def7db7639577aaf3991926ccfc30be6720af017184c729e4c6733e15b4
+ 156 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/200818-b1rdn7cee6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Maps connected drives based on registry
Maps connected drives based on registry
Checks BIOS information in registry
Checks BIOS information in registry
Looks for VMWare Tools registry key
Looks for VMWare Tools registry key
Looks for VirtualBox Guest Additions in registry
Looks for VirtualBox Guest Additions in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar cf7e153e18eca866d7a3ff76b3cde752a28c742428c4e1657edcabed6d2ad84b

Executable exe d025e8c2a20cdaa265fa357542d468d09ade7bff2a7304cf5494df17f58440ae

(this sample)

  
Dropped by
MD5 139b84d1a8b2f3e2b9147f54ac0d60c7
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47735/
  
Dropped by
SHA256 cf7e153e18eca866d7a3ff76b3cde752a28c742428c4e1657edcabed6d2ad84b

Comments