MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6fb0f9050f39e6c6b3441d6a71d0e975552093fcf77f1d45ab06ef9b1fd7691. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f6fb0f9050f39e6c6b3441d6a71d0e975552093fcf77f1d45ab06ef9b1fd7691
SHA3-384 hash: 1aae22014a42d9615a4f72a856b6952d2bc4be0d1b90fa3f9073ff179daba1edb6ddf94e672237e139992e7b245a2af7
SHA1 hash: 7cdd0604f876189ae9fcaaf86cb595f1fbff212f
MD5 hash: a203977a3bdd9ba9a22a56952cc4969a
humanhash: seventeen-venus-paris-summer
File name:Order 488756.exe
Download: download sample
File size:1'067'520 bytes
First seen:2020-08-16 08:05:49 UTC
Last seen:2020-08-16 08:32:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:0jO03lp6fB595ASg1ZSnwQhpVIXsuqw4C8JI+lRYwcB:0jO0Vp6z9EqnwQhz7uqw4tzlRRc
Threatray 46 similar samples on MalwareBazaar
TLSH 1B352373F5948B2AD07E6FB9F9E1176103B175E6E545F22CBE400AACA9706C6D280FC1
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vm4228.cloud.seeweb.it
Sending IP: 85.94.210.165
From: rafaeljorgefernandes@gmail.com
Subject: weekly order confiration
Attachment: Order 488756.zip (contains "Order 488756.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46434/
Detection(s):
SecuriteInfo.com.Generic.mg.a203977a3bdd9ba9.15934.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/432201
Signature
.NET source code contains potential unpacker
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f6fb0f9050f39e6c6b3441d6a71d0e975552093fcf77f1d45ab06ef9b1fd7691/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-08-16 08:07:07 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=635q7ecq6opgy2zuihlkohios5kvecj7z537dvc2wbxptmp5o2iq._file
Verdict:
malicious
Similar samples:
0d048612a3cb9e6113b539ce3bd2f08f56e604869cdb38edcf02400ae12c3a74
1f5f7921e3be739b51bead01306a9cc5dc7fec1dbc01a6784497de89afb6742c
37e399fce2caa80c9ea931f693b51a6d1c11464df1ead916cfca67f6100ad71f
69141d8c99ebc4e3298c2e7203d061fe46d3bd513e3f93498a9fe2753cd82b8a
77bb6489c1fd6c87f2ba80955211d0eef9be425d4e6076bd7280c6f87f9f3300
7811b5864571348651746538905398e08bc9a5a11d6cb27ff6dd7a970be77741
babb19e7cb06c97942ebdda46ddfe8435b8281ab8459080e0282485e02d587d4
e593655b5dafbbb4d5a991689b883d1304c8b653a714ec724d31c08ed37f13d5
ed847b13d7e0e4544eba48cd80e78a0dc002a8c46b3acb871113ad5be5f44916
f16ce9d494986b9f5a386de9b3a9a691c7939db12d030daf87cbb4c5f299f315
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200816-zgnq2zagfj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/f6fb0f9050f39e6c6b3441d6a71d0e975552093fcf77f1d45ab06ef9b1fd7691

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 45b26d2085ede250de311b3aa2ba7fc42ae091546f587ca439b52e366d744e63

Executable exe f6fb0f9050f39e6c6b3441d6a71d0e975552093fcf77f1d45ab06ef9b1fd7691

(this sample)

  
Dropped by
MD5 aabae6e2ae1c784be197bd9e2ff742e1
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/46434/
  
Dropped by
SHA256 45b26d2085ede250de311b3aa2ba7fc42ae091546f587ca439b52e366d744e63

Comments