MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dfc80ed1e6035b50b5250c581e2c758485ec00a1cb3e3d681b1599d97dcd6fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1dfc80ed1e6035b50b5250c581e2c758485ec00a1cb3e3d681b1599d97dcd6fe
SHA3-384 hash: 52fb32b805b417d6ad8354b69270629c988043aeb753620adaea8456ea7d95825ba88d0ac5bd5baf9369962d63dbbe6e
SHA1 hash: 6a269ddb64a360a1489a3bbe22f5cdbc642fe96d
MD5 hash: 14bb6d7ce645687b4f1d476e57cb3377
humanhash: king-december-fish-nebraska
File name:EVS-1550-Gauge.exe
Download: download sample
File size:837'632 bytes
First seen:2020-08-13 11:17:36 UTC
Last seen:2020-08-13 12:24:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:etyEh2M2ZJGdLdlbpPL+bn8VLA16UtBTjfAFAE1IYJBP4/UOquX3z7peidy76Tp1:2vLdl1L08VMtjcdJBPsEuX3z7pbyU
Threatray 16 similar samples on MalwareBazaar
TLSH 9605233082E88657D67F47FD2AE019004B70C2A97917FFD66DC4E0BA462EFC1652A17B
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.pickelhost.com
Sending IP: 104.168.243.73
From: 'mayurzala@chemprosys.com' <vladan.vlaskvioc@gmail.com>
Subject: EVS-1550-Gauge Inquiry
Attachment: EVS-1550-Gauge.zip (contains "EVS-1550-Gauge.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45125/
Detection(s):
SecuriteInfo.com.Variant.Barys.54078.22540.12044.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
25 / 100
Link:
https://www.joesandbox.com/analysis/425983
Signature
a
c
d
e
f
g
h
i
L
M
n
o
p
r
s
t
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 265608 Sample: EVS-1550-Gauge.exe Startdate: 14/08/2020 Architecture: WINDOWS Score: 25 10 Machine Learning detection for sample 2->10 6 EVS-1550-Gauge.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1dfc80ed1e6035b50b5250c581e2c758485ec00a1cb3e3d681b1599d97dcd6fe/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 08:52:08 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dx6ib3i6ma23kc2skdcydywhlbef5qakdsz6hvubwfmz3f64237a._file
Verdict:
unknown
Similar samples:
015b5c9d314dbc40c9648cfb212ebdd2766907050efaaf63455ecdc86c7d229e
0f13770e2aa3d2e01f5556dbd0e1dfd44fefbfe2c17e99bb735c1a7ab4c9ea95
393f3a52d990d94a52fa3ca2f81c826ab42297f43aa28e009ead38d819088b49
5e213d2493c5bc953d18dd070245d69e9bd64c35bea6bd9cdad4b4a9a10765d7
8282f33e3a61d344387e621a37e6fb422f33ccac7d109f145d3e8543771275a4
9c6bbfdf945d38d82675e6c14c17fc45b3d73167671e1e7546cbf677ad2f0ce8
a370d563b7589f987e2647507385ab3df4a3e259952187bfa09b566896f09e9d
a465d738b180ef7304641b26840855fc15676b2d04a52b67388dc1cd55c29cae
c40236c19d4369a90e61010df268f99edf0d3daeb44527d4b32af092a3765161
d70f0b279a833ddd93618b276c48d139300feefa21630e76c3d9a40864cde24d
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200813-6j3t57blda/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1dfc80ed1e6035b50b5250c581e2c758485ec00a1cb3e3d681b1599d97dcd6fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip c1262d580e57131c04be11865d5ff151e78cadce3dfbb78b2e0f3865a293dbda

Executable exe 1dfc80ed1e6035b50b5250c581e2c758485ec00a1cb3e3d681b1599d97dcd6fe

(this sample)

  
Dropped by
MD5 45ae8ea15de3e0c865da71f0fd9c1a6a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/45125/
  
Dropped by
SHA256 c1262d580e57131c04be11865d5ff151e78cadce3dfbb78b2e0f3865a293dbda

Comments