MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 079a0f977b60a6115bcddb387d8783eeea8cdd7678369c01d0e7b8a6071bf123. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 079a0f977b60a6115bcddb387d8783eeea8cdd7678369c01d0e7b8a6071bf123
SHA3-384 hash: 6fe144048ef43e1ff49b0eadf730c6b4b9f183c39c033109aec0715ce7777610b19ad0ac966cad019d48394733eb8580
SHA1 hash: cb116b8ea616c43c803b5ba2200d9e6f6dbd8ce3
MD5 hash: ae2b3d5774dfd833e48e0e99c9462976
humanhash: oven-twelve-california-uniform
File name:e-dekont.pdf.exe
Download: download sample
File size:1'784'832 bytes
First seen:2020-10-22 08:06:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:gwE11Fbxi/AFm7jlPDUSV5U3eU/gi/c0BIcaKSGSSkQLB2x:g31Fbxi/AEN/5f7EVyjs/8
Threatray 1'288 similar samples on MalwareBazaar
TLSH 32857B1ADBC289F0CD90657683BA99B41373DEAF2170735B010D71E1DEB23C7246AA5B
Reporter abuse_ch
Tags:exe geo TUR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.doklsa.us
Sending IP: 185.249.197.82
From: Yapı ve Kredi Bankası A Ş <bogacozdemir@gmail.com>
Subject: dekont
Attachment: e-dekont.pdf.img (contains "e-dekont.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/74572/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching a process
Creating a file
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/079a0f977b60a6115bcddb387d8783eeea8cdd7678369c01d0e7b8a6071bf123/
Threat name:
ByteCode-MSIL.Ransomware.GandCrab
Create hunting rule
Status:
Malicious
First seen:
2020-10-22 07:43:37 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a6na7f33mctbcw6n3m4h3b4d53vizxlwpa3jyaoq464kmby36erq._file
Verdict:
malicious
Similar samples:
09bdb0fb2e5689963f8375783abf0d87d2dbccc6a7ed8b03d7a53af29ab2c4d6
1f1bc6a65867b976dd8cdc00b6519b60b4da65af780f1636c447e5ebca91da96
41ec47ce62f13677c0c4576c97e299471072aa9ade05670ad0aefdbbd9187fca
64ba0f4265f9ed3f3f9315ee0256b360827074d5f898a7eb07ed98dd5f7fec7e
6637c089017af9c448d8235e20db32603d8547f0611187341cf184dc66c170b4
936aa436f6a85762fe0fa8f9f14af43e5a53ba7bf398f279925f73dc511c09b4
c0b1ba178d886a9d71fb7ffd5b169bf023021e13c545e3cd8d15461221dd2006
d69aa1932b2e702e5065ee19da9fc9cf2b05e7dbaa617141b14eaa501a14955e
d7448da27fa5cbe7df2df781ef5763cdcbb31f6e99d756a03fb1ff577e7043a2
e9fb11df00c7a833b875f7c68fc6d5ee3edeeac7c63d85fc4897f6aef7596f7c
+ 1'278 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Link:
https://tria.ge/reports/201022-9yra3bb6k2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Unpacked files
SH256 hash:
079a0f977b60a6115bcddb387d8783eeea8cdd7678369c01d0e7b8a6071bf123
MD5 hash:
ae2b3d5774dfd833e48e0e99c9462976
SHA1 hash:
cb116b8ea616c43c803b5ba2200d9e6f6dbd8ce3
Link:
https://www.unpac.me/results/b814a368-282b-4179-aa2f-d5abbb632846/
SH256 hash:
4f690f3cf792f24a571f09740cf25d0979bde8c11180a26864056643c30479cd
MD5 hash:
304cc4a1948539064cfec5b70bd83e21
SHA1 hash:
32b3754f52323fd71b8349f01c9dd4bc4fecd880
Link:
https://www.unpac.me/results/b814a368-282b-4179-aa2f-d5abbb632846/
SH256 hash:
fd041946df7c3d431cfff601fef8ccd4b4c45fdb3fec73ba008611642334d36e
MD5 hash:
441c23bab329da7b420e963ad8cf0c14
SHA1 hash:
ba8ad7c5bd2c9bfc0197a9b8b2b4ec5f11411ab4
Link:
https://www.unpac.me/results/b814a368-282b-4179-aa2f-d5abbb632846/
SH256 hash:
9790a6aa3d28d77d320c8f32938122c1212b7f6291daa7511f854a3fcd0fb037
MD5 hash:
6e53bc3c0364eefd1d448d25e026975d
SHA1 hash:
f11ea87b0638531f442b113feb19dbaae81ad518
Link:
https://www.unpac.me/results/b814a368-282b-4179-aa2f-d5abbb632846/
SH256 hash:
542282ed737d2cb55e3cb59d05e58e8dbf6473d63461194a9ba597f0f3eb5d75
MD5 hash:
0ab09caf48c9dcbcbd53aef80493abd2
SHA1 hash:
fd985c8ed98d443fde035be26592b92662b9c5ea
Link:
https://www.unpac.me/results/b814a368-282b-4179-aa2f-d5abbb632846/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

e2bbc3a9afd70d1d4b56ef287750624d

Executable exe 079a0f977b60a6115bcddb387d8783eeea8cdd7678369c01d0e7b8a6071bf123

(this sample)

  
Dropped by
MD5 e2bbc3a9afd70d1d4b56ef287750624d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/74572/

Comments