MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850
SHA3-384 hash: 208ff03648fbc0cdb79297d32217af0170888eccad21bf6d05407da33d5cc0e9e20cff2f38db5ac9c860811637c81bbf
SHA1 hash: 47ff3795f3d9a5e915069b45a3e6a0aa97545dd2
MD5 hash: c2d4404796ec4bbac7ab2b75b3e21733
humanhash: cat-red-tango-wyoming
File name:Mediform S.A Order Specification Requirement.exe
Download: download sample
File size:635'392 bytes
First seen:2020-10-14 15:11:37 UTC
Last seen:2020-10-14 15:57:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'653 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 12288:Z8qcX8omMqHHg0H6gD4grVA/tBDCvezZE0WxytsyIVo7efqrRQAgni9Z:ZlcMozgDzgsveXWxfyI
TLSH 20D47C9D325075DFC667CD76CAA82C60EA20347B831BD207A05315AD9A0DB97EF246F3
Reporter abuse_ch
Tags:exe geo GRC


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: rdns0.desar.xyz
Sending IP: 67.205.150.177
From: Mediform S.A Ελλάδα<mediform.s.a@hotmail.com>
Subject: Re: Απάντηση: Request for Quotation (Ημερομηνία έναρξης προσφοράς: 26 - 10 - 2020)
Attachment: Mediform S.A Order Specification Requirement.rar (contains "Mediform S.A Order Specification Requirement.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70858/
Detection(s):
SecuriteInfo.com.Trojan.Packed2.42621.25260.14985.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/491206
Signature
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 20:41:39 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ealqx464u7juid5faobkqhfhqax2ainwroedb4ug7ybbcpje3bia._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201014-g37t9fk69a/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850
MD5 hash:
c2d4404796ec4bbac7ab2b75b3e21733
SHA1 hash:
47ff3795f3d9a5e915069b45a3e6a0aa97545dd2
Link:
https://www.unpac.me/results/396042b5-98ac-4a0d-a853-c4b837335757/
SH256 hash:
1b3803c4cd97ec05914871d73ea8b0edb9642b930a12ac2ae9d6910fd49e716f
MD5 hash:
6bcfd08d911ba44b2fe56092b0e97cd3
SHA1 hash:
1ae3ee1f57c1c0407e849c2ec96a894cf75f04f8
Link:
https://www.unpac.me/results/396042b5-98ac-4a0d-a853-c4b837335757/
SH256 hash:
ffd38886ed63b76f1739466ce3567f7f065fd4db684f801d7e837879b0db803d
MD5 hash:
fb2adf3af3f6651db476a76742b5583b
SHA1 hash:
6f619c2808e40672e4e68983411ff2afe23b8d7c
Link:
https://www.unpac.me/results/396042b5-98ac-4a0d-a853-c4b837335757/
SH256 hash:
607f04646c9f16f7c23fa69d4b8f660fc7c44d40e4f73a0c70a2b315debdaa8b
MD5 hash:
a90baadadf904455325f7bc787185c7b
SHA1 hash:
7d833bb819d638008c98be469b05db2feaf201cd
Link:
https://www.unpac.me/results/396042b5-98ac-4a0d-a853-c4b837335757/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar d7dd043ab28e03ce33042acf1261900c7c06bcecb56c953774e25681ecf2bb05

Executable exe 20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850

(this sample)

  
Dropped by
MD5 3966fd53e7e0c1da3260f0bdf8abc6e4
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70858/
  
Dropped by
SHA256 d7dd043ab28e03ce33042acf1261900c7c06bcecb56c953774e25681ecf2bb05

Comments