MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0419d8d710c448dfba5fdb36f01cde6e702cf062a55e20a3ccac0dd54f71cbb3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 8

SHA256 hash: 0419d8d710c448dfba5fdb36f01cde6e702cf062a55e20a3ccac0dd54f71cbb3
SHA3-384 hash: c056e853b55efcd5937434393c32878830d594ade21340edcfd1e83d55d3580a0a3b0eaf492c1f2ce5fabb006467a9b7
SHA1 hash: a07dbdd56d33c93196cf1af8abded3f7eebd7509
MD5 hash: cbd21bd0144b7f30b391ab92dcc7ef66
humanhash: fruit-glucose-queen-zebra
File name: Faktura Sizeer PDF.scr
File size: 450'030 bytes
First seen: 2022-01-14 08:56:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla)
ssdeep: 12288:hcrNS33L10QdrXMW/nBLWX2QVXRFWVCU79RQpI:cNA3R5drXd/NQVHWodI
Threatray: 1'259 similar samples on MalwareBazaar
TLSH: T1F0A4E002BAD284B2EA7319364D39B711A97DB9301E34DA1FB3D44D6DDE31181A631FA3
dhash icon: d48c8cac84888a84
Reporter: Anonymous
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 211
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: Faktura Sizeer.PDF.zip
Verdict: Malicious activity
Analysis date: 2022-01-14 08:27:43 UTC
Tags: trojan rat asyncrat ransomware

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: greyware overlay packed replace.exe setupapi.dll shdocvw.dll shell32.dll update.exe
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 36 / 100
Signature: Multi AV Scanner detection for submitted file
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2022-01-14 08:57:18 UTC
File Type: PE (Exe)
Extracted files: 5
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Unpacked files
SHA256 hash: 0419d8d710c448dfba5fdb36f01cde6e702cf062a55e20a3ccac0dd54f71cbb3
MD5 hash: cbd21bd0144b7f30b391ab92dcc7ef66
SHA1 hash: a07dbdd56d33c93196cf1af8abded3f7eebd7509
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments