MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 076ff4f8a53779fff8c12e4447c1f57a7ef651768a84da9d87d9cce62ef30407. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 076ff4f8a53779fff8c12e4447c1f57a7ef651768a84da9d87d9cce62ef30407
SHA3-384 hash: 521fb5dac200554ebe06b9a63ac8cd4f58a2ca4ef5d38448d9c0ac83f370ed31a8c5a3d696e2718a574be28fce51283a
SHA1 hash: 62cd7992cfd676847330bb8c42b89ab8bc476fca
MD5 hash: fa7a2b9ef413fa314fe084a9874a0ff2
humanhash: kentucky-harry-undress-oxygen
File name:SCAN COPY cn-0517-201001-m03-001148.exe
Download: download sample
File size:765'952 bytes
First seen:2020-08-06 05:47:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:+fP3SG3tD53rwp42IBD8wAKpkoPiQP9mDqhyop5EsLaW5lj2pubDACbgrpiA:0tDJM4248wnkoPjByoMsuWHj2ULsQA
Threatray 89 similar samples on MalwareBazaar
TLSH 6EF41254338D9B72DAFC9FF4911C349053B9BC6BAE55F3284D8270F62A36B80C660A57
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: blinux.thesecurededicatedserver.com
Sending IP: 198.52.104.94
From: Müberra ÇETİNKAYA <muberra@umsgmrukleme.com>
Subject: attached shipping
Attachment: SCAN COPY cn-0517-201001-m03-001148.rar (contains "SCAN COPY cn-0517-201001-m03-001148.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/40070/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/412135
Signature
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/076ff4f8a53779fff8c12e4447c1f57a7ef651768a84da9d87d9cce62ef30407/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-06 02:47:11 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a5x7j6ffg54776gbfzcepqpvpj7pmulwrkcnvhmh3hgomlxtaqdq._file
Verdict:
unknown
Similar samples:
22a420112c97f94c87b2efa2e1d3b46d6f91655c1a86a6b6a1cd94e3e43259af
407dbe5863d155a141aec5b500637d794275bf0680e2c8ca34e99f56a28f11a9
469d5a8aa26b60c5f3234e2124fcda7a61b3accf4011373b32b49cff2cda745a
5c6d005bb7bd065341b432bf6a27117c76115e18ae10fd21906759d05d05f733
684c2ac7c5d08c046fd4907cc4466827dc01fdd403ff7bbd64c5aa247884ac74
77bbe59685fd4ba30b0f14c6471ba479adbe790de6499c7ea2370b2055fcc9c3
968bef9303261890912cbde7737195a73c2d8892457c3cc8a327008effb4e8c9
a41851a6ade9f88136829a392e1ac11e0e06c21a25fdd0e3961a347d28204608
aa4fad19caeb7d4d9abd68155eee268619442c6cfc8a69c2bc337dd4efdf4b4d
b76ab295c0146b7ef4cdccf4056a85688ed860fc65c8b8b7121ad8fc9a555021
+ 79 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200806-1dm8jr8xzx/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/076ff4f8a53779fff8c12e4447c1f57a7ef651768a84da9d87d9cce62ef30407

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 363561489d3f5450420140b660a8ba644c79ba13359972b5c399962e90ea7370

Executable exe 076ff4f8a53779fff8c12e4447c1f57a7ef651768a84da9d87d9cce62ef30407

(this sample)

  
Dropped by
MD5 577a0e914abdcf66e04ac7193f5f3f0b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/40070/
  
Dropped by
SHA256 363561489d3f5450420140b660a8ba644c79ba13359972b5c399962e90ea7370

Comments