MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f5cc3d14ed7d3dfd62362cc4c50d6839227fac3342b83e2fbce1e92841eb260. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1f5cc3d14ed7d3dfd62362cc4c50d6839227fac3342b83e2fbce1e92841eb260
SHA3-384 hash: 7a69000f942ffab3d27900249815f578cd0ac4e8c44914fe49b07cd377863b44740ab4cd0228a6b93674ce6a5bdfba6a
SHA1 hash: 34498d113ea3f8f5a63fb7314039bce42424c1c9
MD5 hash: b0c5f69bc9ed78855411de1d10289b7e
humanhash: shade-batman-west-washington
File name:Payment Advice for Reference - 20201013_PDF.exe
Download: download sample
File size:210'608 bytes
First seen:2020-10-13 10:42:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'604 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 1536:xPbzzwpXlMv9QqLnSnUe4nfDxngLNXTemXtTjWKMj9lvCow1mzWTUfCd:xvzwuRLnSnURNngLdfXtG9p7EmzWN
Threatray 37 similar samples on MalwareBazaar
TLSH 352431312F99CC3AE05F8EF5F1836254F466CD4E8F978945C9BD26ABD432EC0A817924
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.uuwears.com
Sending IP: 45.95.169.179
From: info@uuwears.com
Subject: Re: PI ödeme tavsiyesi Ödenmemiş finansman,
Attachment: Payment Advice.rar (contains "Payment Advice for Reference - 20201013_PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70406/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader34.65355.27557.7962.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/489556
Signature
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1f5cc3d14ed7d3dfd62362cc4c50d6839227fac3342b83e2fbce1e92841eb260/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 10:08:35 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d5omhuko27j57vrdmlgeyugwqojcp6wdgqvyhyx3zypjfba6wjqa._file
Verdict:
unknown
Similar samples:
0f014ffb0f5d6c1d60604f77036406bab647d0eec541be614a604160c202c3ab
1f2a1d2ae2401bab5c2d7c3d6062ddc4af9517e0f99bf89e6b6cd02a70bcd0e2
2ed611befc2af97a0bf7bada7f7b53d4f625f99620983252455e675d22021bc6
5de88c3cd7bc2693f457838db811e28f744b221f074c1657cee397a0a5ae33b2
6dbd3f42bf990db55372e1e01a3ddb4dbbdf3051fa01492bca882dbc023bb71a
80672dc10b55aaea12c39cb39fdc3cbe4a10d54b4ca9e6134ad455f60aafa0e4
93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079
95c37518f5a88778d1faad771fcbdc5d1a0e816b9e9b8cd7763a258f5445d79a
9f2db3c39e19066111590682924d0c124e83b13c1acebca4059722d8e7fc649c
f4c535616a04819e9553cb3dbac66db0021065fb89a5e5c799c0b4eb301fb582
+ 27 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-bph8hjqptn/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
1f5cc3d14ed7d3dfd62362cc4c50d6839227fac3342b83e2fbce1e92841eb260
MD5 hash:
b0c5f69bc9ed78855411de1d10289b7e
SHA1 hash:
34498d113ea3f8f5a63fb7314039bce42424c1c9
Link:
https://www.unpac.me/results/89031a2e-5bd3-4807-ac78-96ae7b733944/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dropper
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/1f5cc3d14ed7d3dfd62362cc4c50d6839227fac3342b83e2fbce1e92841eb260

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 1ff4e86f5fcc8f2995f2de53fc1e6c2b4d036a4ff253185d40474032156c9d17

Executable exe 1f5cc3d14ed7d3dfd62362cc4c50d6839227fac3342b83e2fbce1e92841eb260

(this sample)

  
Dropped by
MD5 50b62a3012f7788274bd60c0d9c2e220
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70406/
  
Dropped by
SHA256 1ff4e86f5fcc8f2995f2de53fc1e6c2b4d036a4ff253185d40474032156c9d17

Comments