MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1466a3a68f3c7f673d4b8ba514bc078fadda4c009f342c077f1d6cb0710d9b72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3



SHA256 hash: 1466a3a68f3c7f673d4b8ba514bc078fadda4c009f342c077f1d6cb0710d9b72
SHA3-384 hash: 2ab29f0adcc7d6f0afd9c29f4bec03f7caf8b26f243a83f4580e016b377a66d21af36883c7cfb69239a804be02656e5f
SHA1 hash: 9b955e93739342f07068023e9f084d0c836f33ca
MD5 hash: f4921cfe289ab6ea6226d1a7ea791abf
humanhash: tennis-leopard-robin-comet
File name: NFe_73672877322991636581397389265091385916880127272919010163937.msi
File size: 1'154'560 bytes
First seen: 2020-06-29 05:14:34 UTC
Last seen: 2020-06-29 05:39:19 UTC
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 24576:VSQNTTCP8otYskdms4bYPsFVUHl70Tvr/7Ra9AKbi2QxgNev:VSQ5T68otYLN4bYkFvr/7Ra9ATxg0
Threatray: 55 similar samples on MalwareBazaar
TLSH: 7B35CF1276C6C533C4B705702F2AD7A6457DBD204BB198EB23C86E2E1EB19C15732FA6
Reporter: JAMESWT_WT

Code Signing Certificate

Organisation: preview.web
Issuer: preview.web
Algorithm: sha256WithRSAEncryption
Valid from: Mar 12 20:20:03 2020 GMT
Valid to: Mar 12 20:20:03 2021 GMT
Serial number: 01
Intelligence: 369 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist: This certificate is on the Cert Central blocklist
Thumbprint Algorithm: SHA256
Thumbprint: 8E5AE54C94BC7C8C236FB1B2A0C8FA8A29175D16F2123484B6866D8B22016177
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Script-BAT.Trojan.Heuristic
Status: Malicious
First seen: 2020-06-29 05:16:06 UTC
File Type: Binary (Archive)
Extracted files: 56
AV detection: 13 of 31 (41.94%)
Threat level: 2/5

Result
Malware family: n/a
Score: 8/10
Tags: persistence evasion spyware trojan

Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Modifies system certificate store
Adds Run entry to start application
Enumerates connected drives
Loads dropped DLL
Blacklisted process makes network request
Executes dropped EXE

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments