MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12791ab8914f51d34e4200a27e820ace89c4c1ce8a6358d780bc04e10ca57f5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6


SHA256 hash: 12791ab8914f51d34e4200a27e820ace89c4c1ce8a6358d780bc04e10ca57f5a
SHA3-384 hash: 3df9eaa04bd53543dc5f7678c93b0fd375b30c7f1bdff4efa29a27a1e7fc78140ab5f9ade8ff2d4c2a14e7168c3add1c
SHA1 hash: b6535082cc7bdc1acdb9fe5b1a57196284306722
MD5 hash: f34f70137d2f8238d8525b2e6561623f
humanhash: muppet-music-ceiling-golf
File name: f34f70137d2f8238d8525b2e6561623f.exe
File size: 376'832 bytes
First seen: 2021-08-26 12:42:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ef471c0edf1877cd5a881a6a8bf647b9 (63 x Formbook, 33 x Loki, 29 x Loda)
ssdeep: 6144:b4XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0PzW:EXe9PPlowWX0t6mOQwg1Qd15CcYk0WeG
Threatray: 1'088 similar samples on MalwareBazaar
TLSH: T15884124588C5CCE6E719B370D0B3CE9819757832CC956B689758EA2EB870243B853E6F
dhash icon: aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter: abuse_ch
Tags: exe
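The digests listed above are what a downloaded copy of this sample should be checked against before it is handled any further. The script below is an added example, not MalwareBazaar or abuse.ch code: it computes the four digests the entry lists (MD5, SHA1, SHA256, SHA3-384) with Python's hashlib, compares them and the listed file size against the values from this entry, and recognises by SHA256 whether a given file is the sample itself or the second file the Intelligence section lists under Unpacked files. The placeholder bytes used when no path is given are constructed and will not match; pass the path of the real sample as the first argument, and do that only in an isolated analysis environment. ssdeep, TLSH, imphash and the icon dhash are not covered because they need third-party libraries.

```python
"""Verify a downloaded sample against the digests in its MalwareBazaar entry.

Added example, not part of MalwareBazaar or abuse.ch tooling. The expected
values are copied from this entry; the placeholder bytes in the usage block
are constructed and stand in for the real (live) sample, so the check only
passes once it is pointed at the downloaded file.
"""
import hashlib
import sys
from pathlib import Path
from typing import Optional

# Digests and size listed in the entry for this sample.
ENTRY_DIGESTS = {
    "md5": "f34f70137d2f8238d8525b2e6561623f",
    "sha1": "b6535082cc7bdc1acdb9fe5b1a57196284306722",
    "sha256": "12791ab8914f51d34e4200a27e820ace89c4c1ce8a6358d780bc04e10ca57f5a",
    "sha3_384": "3df9eaa04bd53543dc5f7678c93b0fd375b30c7f1bdff4efa29a27a1e7fc78140ab5f9ade8ff2d4c2a14e7168c3add1c",
}
ENTRY_SIZE = 376832  # bytes, as listed (376'832)

# The other file the sandbox listed under "Unpacked files" in this entry.
UNPACKED_DIGESTS = {
    "md5": "68832cee35a707943d4263e1578b7ca5",
    "sha1": "76fd4099248d2ab6640978d8d2200620aa9e5564",
    "sha256": "942d197025bf75ec631462e4f81701b778b1f25e33a09694b6f4bea9ba2fed00",
}


def digests(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def digests_of_file(path, chunk_size: int = 1 << 20) -> dict:
    """Streaming variant of digests() for files too large to read at once."""
    hashers = {
        "md5": hashlib.md5(), "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(), "sha3_384": hashlib.sha3_384(),
    }
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data: bytes, expected: dict = ENTRY_DIGESTS,
           size: Optional[int] = ENTRY_SIZE) -> dict:
    """Return {digest_name: bool, ..., "size": bool} for `data`.

    Hex case is normalised because feeds and tools disagree on it. Every
    listed digest must agree: a file that matches only MD5 (collisions are
    cheap to construct) or only the size is a different file.
    """
    actual = digests(data)
    result = {name: actual[name] == value.lower() for name, value in expected.items()}
    result["size"] = size is None or len(data) == size
    return result


def all_match(result: dict) -> bool:
    """True only if every digest (and the size, when checked) agreed."""
    return all(result.values())


def identify(data: bytes) -> Optional[str]:
    """Say which of this entry's files `data` is, by SHA256, or None."""
    sha256 = hashlib.sha256(data).hexdigest()
    if sha256 == ENTRY_DIGESTS["sha256"]:
        return "sample"
    if sha256 == UNPACKED_DIGESTS["sha256"]:
        return "unpacked"
    return None


if __name__ == "__main__":
    if len(sys.argv) > 1:
        data = Path(sys.argv[1]).read_bytes()
    else:
        # Constructed placeholder; it is not the sample and will not match.
        data = b"MZ" + b"\x00" * 62 + b"placeholder, not the real sample"
    result = verify(data)
    for name, ok in result.items():
        print(f"{name:9s} {'OK' if ok else 'MISMATCH'}")
    print("identified as:", identify(data))
    sys.exit(0 if all_match(result) else 1)
```

Exit status 0 means the file on disk is byte-for-byte the sample this entry describes; anything else means you are looking at a different file, however similar its name or size.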

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: EURO BILL.xlsx
Verdict: Malicious activity
Analysis date: 2021-08-26 12:25:47 UTC
Tags: encrypted opendir exploit CVE-2017-11882 loader
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending a UDP request
Sending an HTTP GET request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
AutoIt script contains suspicious strings
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.Gorgon
Status: Malicious
First seen: 2021-08-26 01:02:38 UTC
AV detection: 15 of 25 (60.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Modifies system certificate store
Enumerates physical storage devices
Unpacked files
SHA256 hash: 942d197025bf75ec631462e4f81701b778b1f25e33a09694b6f4bea9ba2fed00
MD5 hash: 68832cee35a707943d4263e1578b7ca5
SHA1 hash: 76fd4099248d2ab6640978d8d2200620aa9e5564
SHA256 hash: 12791ab8914f51d34e4200a27e820ace89c4c1ce8a6358d780bc04e10ca57f5a
MD5 hash: f34f70137d2f8238d8525b2e6561623f
SHA1 hash: b6535082cc7bdc1acdb9fe5b1a57196284306722
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments