MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb764def7db7639577aaf3991926ccfc30be6720af017184c729e4c6733e15b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb764def7db7639577aaf3991926ccfc30be6720af017184c729e4c6733e15b4
SHA3-384 hash: 253d846a74fce575b5490cb1f6f99c165e41ff9a0c5571c7c14ee4b6b2d1aade9cba04d1133cb5202e5c6430072f7028
SHA1 hash: c3cb1d5703702d35307dc0ab222552642c6c6846
MD5 hash: 301e6869c01846de25be36929c12f1a2
humanhash: beer-red-montana-cardinal
File name:Shipping Doc.exe
Download: download sample
File size:458'240 bytes
First seen:2020-08-18 05:33:30 UTC
Last seen:2020-08-18 05:39:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:xfz4EcmZHAFaxmVmie9bngP7u3OMlxE4p6tCxt0WjcTP4XXkS87urpGqh4ZJNvs3:xb4EcmZHAFaxmVmie9bngPSOMl1cEC98
Threatray 72 similar samples on MalwareBazaar
TLSH 59A4D0AC35A0B19FE5E94DB6AD605C2447A07367030BFE035C53A9E447DEBF2AE014A7
Reporter cocaman
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47486/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb764def7db7639577aaf3991926ccfc30be6720af017184c729e4c6733e15b4/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 02:29:44 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7n3e3335w5rzk55k6omrsjwm7qyl4zzav4axdbghfhsmm4z6cw2a._file
Verdict:
unknown
Similar samples:
14adf4dd13033d8ed032a7ebd489a056752df681ec958d92b92d8776d0387f7e
1f99b560ace74f8e22db8b470a5592f425103fe192e9ab6eb45b9b1a9c9346de
27d13ec8af85a7f7243aa5e0ec5fed2dd3ddf9d781fddfc00301b1317c245de8
2cfe3ffadc27ccca8b9258dfe727dbfbf1ea086b89f5d75d5e3bc2c86d6175a0
5f999e74c034f2e59b2054aa04f9a592cb15f0259d43a67922fd7997ad451240
600c314a52d8bb7cbf7ed06ffe13ac5c34cdf4013ecedaec166b0d1a7ec6de0d
664d1ac82bff83f40139d15b11d0eef8a4a34123596b8b5fcecddcc7ef07141d
8107802f3247e162ca6e3f0048a9ef27535c72ddc1972a85c685dc180fbadac6
a839e6e1e51959eec1004e636c5dda866b665b63a2d450669393fffcd6aac706
d025e8c2a20cdaa265fa357542d468d09ade7bff2a7304cf5494df17f58440ae
+ 62 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-al1m4qdjze/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 185da05786d6028eff22b5748184651bcd2954560679f89186d4cd3757bc07fb

Executable exe fb764def7db7639577aaf3991926ccfc30be6720af017184c729e4c6733e15b4

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 185da05786d6028eff22b5748184651bcd2954560679f89186d4cd3757bc07fb
Cape
Cape
https://www.capesandbox.com/analysis/47486/
  
Dropped by
SHA256 329ad300db13941747388cb7e32c6ef8f8875d3090cb9ebf09aa51420faa9bfa

Comments