MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 117cca28917405c65fd9e824b381006f453618e5d8c2e080482c1df59a6b8848. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 117cca28917405c65fd9e824b381006f453618e5d8c2e080482c1df59a6b8848
SHA3-384 hash: 0d6106fd6994c0bd0670d333ef1dca6baa4e1b5ff56bef3d102bc2a4b3e3c323c82b5c137670d5b3775b789137bb45d4
SHA1 hash: 8fcf775b9ce883a08562c7b535992fd423ad8f6c
MD5 hash: b87812e5f5cc3ac9fa5380fd2875e77e
humanhash: oven-blossom-white-rugby
File name:Payment Details.exe
Download: download sample
File size:481'792 bytes
First seen:2020-08-14 15:38:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:mt3BleTj8/fTqujv0ukOHuPl/QTjwYuY4YsHx2g0v93Y0POy4EcmZHAFaxmVmieq:5TY/DBkOON/wiJcXL4EcmZHAFaxmVmi7
Threatray 21 similar samples on MalwareBazaar
TLSH CEA4019C30F0A276F3F94FF6A8706C48432667264D26DE4B99A533F053E6BD0BA1145B
Reporter abuse_ch
Tags:exe Hostwinds


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: hwsrv-759639.hostwindsdns.com
Sending IP: 104.168.219.207
From: info@losshic.com
Subject: Original BL
Attachment: Payment Details.zip (contains "Payment Details.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46053/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/430271
Signature
Binary contains a suspicious time stamp
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/117cca28917405c65fd9e824b381006f453618e5d8c2e080482c1df59a6b8848/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-08-14 15:40:09 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cf6mukeroqc4mx6z5aslhaian5ctmghf3dbobacifqo7lgtlrbea._file
Verdict:
unknown
Similar samples:
0bf6ccdd920a50186f7318c51564ecc8f502302b084a5fda3feadb0d51e40f24
2f9d83d844287396dcaf52b5c15c1dacc92bc4ae2e2777d24c8d09465037ace3
5042521b58a756c07c9b4d6546b2d6a33c16c49ec60e65d190f17fdb7db006f8
6011714f77a9cfdf682b04df3490a0ca227d9a64074946304b8ccd0c83e6264e
738555842fd28072fedac20f99de12a1f64724d834bfcc3be9c857ca81708660
ac88ad4f977c60a4e265cb5390c408c8979da9d1bb3c9b5c0a3698f359366bbe
af2c5c77ba52532806daae8bffadb2c5a4073009e0f485302d2c816ff315a8a7
ca2ac9192f0d9fe769d59b389543d410921d56b2231a639fd99ae5ffc9c275ef
da7f542b91835ba3090350c2936641058c361e332eda9222f0674dfcbefd4ce9
e1cc292b3eb8e646e0c778966a3150d2f278e1394059cf31106301bb003d273f
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-lbzfe5vvsn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/117cca28917405c65fd9e824b381006f453618e5d8c2e080482c1df59a6b8848

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 87726af09e679befd9d3557ed1f30fc211e6baff4e84f7d8fcd310779e3c8d9c

Executable exe 117cca28917405c65fd9e824b381006f453618e5d8c2e080482c1df59a6b8848

(this sample)

  
Dropped by
MD5 1f78e8a67e597f35c96a503645c88243
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/46053/
  
Dropped by
SHA256 87726af09e679befd9d3557ed1f30fc211e6baff4e84f7d8fcd310779e3c8d9c

Comments