MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12713f7b0402e9a7e16eb224b3eaf6b9dfb5bb4219a76dce6a2814a6f3bfa0f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MailPassView

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash:	12713f7b0402e9a7e16eb224b3eaf6b9dfb5bb4219a76dce6a2814a6f3bfa0f3
SHA3-384 hash:	49020de1b92032740cd6769ddb10df75766c9443520bd10b3d8b423a59dbae5df83152743635f850a0933c80ea768404
SHA1 hash:	88b5430d28bfa90ddaf5c513a610cd4225a81744
MD5 hash:	e15f13c09384120c7ebe239fc2cabbf0
humanhash:	kansas-avocado-missouri-violet
File name:	KJVBKJ.exe
Download:	download sample
Signature	MailPassView Create hunting rule
File size:	1'575'936 bytes
First seen:	2021-11-29 15:56:30 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bbac62fd99326ea68ec5a33b36925dd1 (46 x AgentTesla, 38 x njrat, 27 x Formbook)
ssdeep	49152:Fkwkn9IMHeabnfNWlidYn1sBx5CUaPCS:+dnV7lWlX1sBx5YPC
Threatray	1'699 similar samples on MalwareBazaar
TLSH	T19775E00373DE83A0C3729233BA66B755AE7B7C2506A1F19B1FD9093DAD20122521F673
File icon (PE):
dhash icon	71e8d2ccb892cc71 (8 x MailPassView)
Reporter	Anonymous
Tags:	exe MailPassView

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

KJVBKJ.exe

Verdict:

Malicious activity

Analysis date:

2021-11-29 16:15:32 UTC

Tags:

stealer

Link:

https://app.any.run/tasks/6d02dfaa-db31-40a3-9c0c-dc3e0319066f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Win.Malware.Autoit-9780500-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the %temp% directory

Running batch commands

Creating a process with a hidden window

Creating a process from a recently created file

Reading critical registry keys

DNS request

Stealing user critical data

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/154/overview

Behaviour

CheckNumberOfProcessor

MeasuringTime

CheckCmdLine

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

nymeria packed

Link:

https://www.filescan.io/uploads/61a4f850effcae2254f499a2/reports/50a05edf-9e42-4131-b9df-f534445422f1/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/de90fe3c-e93d-417c-a8c7-ac25d06af91d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/12713f7b0402e9a7e16eb224b3eaf6b9dfb5bb4219a76dce6a2814a6f3bfa0f3/

Threat name:

Win32.Hacktool.MailPassView

Status:

Malicious

First seen:

2021-11-29 08:58:41 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

20 of 28 (71.43%)

Threat level:

1/5

Verdict:

malicious

MailPassView

0557e333f1847ac02b825363cb78ea97cf53f3a0cae253830572c89c8dec01ed

MailPassView

3093fc14a0bb06b811cfd1551715b43f74fdbe75b179e27e44f737a2a1c7154c

MailPassView

36b9146fd7d45954b83a4da982270bc9274240acf44a683ef71e7387f784053a

MailPassView

57d392e13da883ae7f36912e3d766694b476623894ab80c1f5b35370cb8316d8

MailPassView

68834992b1f069c50b69ef70bbac00639957b4918834b3171e9e5d07fd24c388

MailPassView

a1620dcffe511b88c80a6086691eca79f7a66edad2196ab265bba7278f2e431a

MailPassView

a4651a13c5c1ad76aa985712a38891333b3bdf02a46ed619aabcbfcbfd0ddb5e

MailPassView

ac2f6be5e15c9c9344043219d8487fdbe92ad443fa23b195b4f4baee5500a5f9

MailPassView

f8292298f2fe8d14012c0c6d4b98ef47d38dfb0e8e359a81fbcfd338d915dfbb

MailPassView

+ 1'689 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

collection spyware stealer upx

Link:

https://tria.ge/reports/211129-tdxpjacdan/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Accesses Microsoft Outlook accounts

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

UPX packed file

Unpacked files

SH256 hash:

12713f7b0402e9a7e16eb224b3eaf6b9dfb5bb4219a76dce6a2814a6f3bfa0f3

MD5 hash:

e15f13c09384120c7ebe239fc2cabbf0

SHA1 hash:

88b5430d28bfa90ddaf5c513a610cd4225a81744

Link:

https://www.unpac.me/results/561f39d9-861b-47d5-bf94-ae39618cc428/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/12713f7b0402/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/12713f7b0402e9a7e16eb224b3eaf6b9dfb5bb4219a76dce6a2814a6f3bfa0f3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	AutoIT_Compiled Create hunting rule
Author:	@bartblaze
Description:	Identifies compiled AutoIT script (as EXE).

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample