MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0999e53214bad0fa345666c9c92bef0b9370a6cbe38ff53a254baa2d96e2456a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0999e53214bad0fa345666c9c92bef0b9370a6cbe38ff53a254baa2d96e2456a
SHA3-384 hash: 36f9b3d3349160511406e2ab351e6d41e1f79c4f3e3d05e2d42a7820b969fc58633980f5ff2e140b0e853f66b5e5fe62
SHA1 hash: db6d55b895962af9262bdad18b4f022f9129eccd
MD5 hash: 75800e13c234deca15444a6d44db498a
humanhash: seventeen-snake-crazy-potato
File name:Wire Payment_pdf.exe
Download: download sample
File size:259'993 bytes
First seen:2020-08-27 08:58:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 24f4223e271413c25abad52fd456a9bc (21 x GuLoader, 15 x Loki, 10 x AgentTesla)
ssdeep 6144:AHfYbhAX0RX3sANAbb0fPrCdTkRWFjUyY+54i5MaD5BVT+d:AUAXrI7CkWFjUyYM4i5MU5Bdo
Threatray 66 similar samples on MalwareBazaar
TLSH 6A4412217B44C0AAC9D2957168AA2DBE88BDED3B01B5AE4343C07D6F7C328E1DD1D752
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: a0122.abansys.com
Sending IP: 86.109.178.104
From: "Cindy Lopez"<Cindy.Lop@aaglobalimports.com>
Reply-To: <Cindy.Lop@aaglobalimports.com>
Subject: RE: RE: RE:UPS Shipment 779945110T:**WIRE COFIRMATION
Attachment: Wire Payment.rar (contains "Wire Payment_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/51711/
Detection(s):
PUA.Win.Adware.Browserio-6725861-0
Create hunting rule

SecuriteInfo.com.BehavesLike.Win32.ObfusRansom.bc.6542.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/452477
Signature
Antivirus / Scanner detection for submitted sample
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0999e53214bad0fa345666c9c92bef0b9370a6cbe38ff53a254baa2d96e2456a/
Threat name:
Win32.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-08-27 03:45:44 UTC
AV detection:
32 of 48 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bgm6kmquxlipuncwm3e4sk7pbojxbjwl4oh7korfjovc3fxcivva._file
Verdict:
malicious
Similar samples:
088999945f71cb731f4fa4d6e73591ecdf1829306a6dca66be75947fc0c8d00b
198d05241ee46346a622e687e628fbdbe7185db3a206eaa7883b5f18f0095de2
44b2a6748bfe73b0e4515854def74fbd816ffa56842e3b544438cb34a249a41c
46a8cd49147840874de19fba4807e2780189fa7e81b58fe01013b69f6aca34ac
574244157302423f04971fb2c348a4ae598a67b15f1a2edda0b2ea3cfcc0a4d9
60952b7b0b3edeb47b07f1d2a0fb87856b165550e47c605c4ef4fb1da699a332
6b1df4cb218093a57a5646f0d6ece41d548fae6cce51d90d1540686d747069b6
a89c531ad157965de03cf15ab2783f0b24e6db0981556a7bf5ad8fe5c7d66ef5
b5bcbfe8ba02879ac963d4f9ed48203c934e80edb58b814129ad836544f2c3a3
d87e7752ee36b46b902d88317b5c5b172927760a4f171c95f812991ec62ae963
+ 56 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200827-2pvhl8733s/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0999e53214bad0fa345666c9c92bef0b9370a6cbe38ff53a254baa2d96e2456a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar a89ff15d13fde23d37b6d111ae6df5ef52c22422ff25b216473dee06efe87b2c

Executable exe 0999e53214bad0fa345666c9c92bef0b9370a6cbe38ff53a254baa2d96e2456a

(this sample)

  
Dropped by
MD5 e0e4ffd8df1a37f8b6b636f1921ffeae
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a89ff15d13fde23d37b6d111ae6df5ef52c22422ff25b216473dee06efe87b2c
Cape
Cape
https://www.capesandbox.com/analysis/51711/

Comments