MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011
SHA3-384 hash:	cfef9f0308df03f3686e3385d6fdd15d3dd0db9743d0d0d623921d633a76e536c9309d071eb52519c4251f06002fad5d
SHA1 hash:	0a24243cd537f8bac4e4d2fcb19c97f4d75c16f4
MD5 hash:	6f7d999d0c8b8b3897c337e84649a6bd
humanhash:	earth-foxtrot-nineteen-robert
File name:	IMG 2020-08-12.exe
Download:	download sample
File size:	865'792 bytes
First seen:	2020-12-08 08:01:18 UTC
Last seen:	2020-12-08 09:31:34 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	12288:gN6nq3eq6Iz6S9B8TX1G0qXfcAgFWsgUJM1WBMmI3DNJ7L7XMfL74iNcIUx:ggoeFIz6S9BGIEA2Wp1WamqDPL4fc
Threatray	13 similar samples on MalwareBazaar
TLSH	C005AE385FA9053AF53BAB7C85E02446ABAE77D37703CD6C59B602C90723A42D9C163D
Reporter	abuse_ch
Tags:	exe Outlook

abuse_ch

Malspam distributing unidentified malware:

HELO: APC01-SG2-obe.outbound.protection.outlook.com
Sending IP: 40.92.253.93
From: RASHID ENTERPRISE <rashid.1955@hotmail.com>
Subject: Re: EID MUBARAK
Attachment: IMG 2020-08-12.gz.rar (contains "IMG 2020-08-12.exe")

Intelligence

File Origin

# of uploads :

2

# of downloads :

113

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/107200/

Detection(s):

SecuriteInfo.com.BehavesLike.Win32.Generic.cc.20168.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Launching the default Windows debugger (dwwin.exe)

Result

Gathering data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/557719

Signature

.NET source code contains very large strings

Machine Learning detection for sample

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011/

Threat name:

ByteCode-MSIL.Trojan.Bulz

Status:

Malicious

First seen:

2020-12-08 08:02:06 UTC

AV detection:

11 of 28 (39.29%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bsadtgl32lsfnzbig2rwzsxmlugrerpsrd2lj7a6q3sor6ogaaiq._file

Verdict:

unknown

Similar samples:

1989b7078501dfe26669ba2af737ed8dba616acb527193e3c64eaf3a1942c5b8

4cf9aa6df9472ddba54a9104d6d559229da3796b96a8dcd2a9ed52873f7359e5

58322659acfc21d063a2acb0d64ea2846d21ab2e256b0ae4f83646ff03bf2387

5df2f562749ce15ad7236e5ddf98ca6d8345c6edb40d7d9b7363b3dac26c4a83

6fa5193499b368d6d8019e1d0911bfd896de0e79250f6b1bf9f371c7f213f12f

c8bc2bde7ab29368fc3ac5e32367bf63156514940465721908846bcc353eec27

d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d

dcb39be80203e5de62b87f99b5fe21eb25556d58c9d654156850995e86f1f4ba

de10e041ff3250edccbe8a5edee50e9812620a3fff80de82545f018ad24cca0b

ff21de6f802e53369430d704c5372b8598c4ffdb7a693664ef22422c04b84c5f

+ 3 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/201208-m7x16szccj/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011

MD5 hash:

6f7d999d0c8b8b3897c337e84649a6bd

SHA1 hash:

0a24243cd537f8bac4e4d2fcb19c97f4d75c16f4

Link:

https://www.unpac.me/results/9371c9a5-9d20-4222-8d47-b380cdce7005/

SH256 hash:

9584f6d01e6452371cc9b4828030a13045d99c243c497b63628828e66aabe26f

MD5 hash:

7476e403eef14ac403c63c7279831780

SHA1 hash:

8387f558e30dc115987ac2b5c174a41302471abf

Link:

https://www.unpac.me/results/9371c9a5-9d20-4222-8d47-b380cdce7005/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.48

Link:

https://yomi.yoroi.company/submissions/0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 6557b52758784e6ab83c5511b8d5dd74938a8b3f79e816d2f7709938d03f3508

exe 0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011

(this sample)

Dropped by

MD5 7642c65e739b21a06c49dab72c82e9ed

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/107200/

Dropped by

SHA256 6557b52758784e6ab83c5511b8d5dd74938a8b3f79e816d2f7709938d03f3508

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample