MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470
SHA3-384 hash: 721c3686b6868050beceeb6c5b66e760a3a5f543f5c27a0bce5042fbe3281502a3c4b2c62bfcb6c7c353adfa725ac40c
SHA1 hash: b79dc5fc81e0576177ba8d1e0d2f0a790505922b
MD5 hash: 3c5c648748c976640ea1f0b52b68c0b2
humanhash: hydrogen-nine-cola-cardinal
File name:LISTA DE TAREAS DE BINANCE GIVE AWAY pdf.exe
Download: download sample
File size:194'560 bytes
First seen:2021-01-01 19:08:18 UTC
Last seen:2021-01-01 20:42:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 3072:qRj5RPsKcjqbN/l71vJpVZ0y13knCgmgNCQKaHgcvH772SUwA9jW:qRjnsKcjwxvHVZ0y1UCgVNC5H
Threatray 12 similar samples on MalwareBazaar
TLSH 3714D6A9F3749CA5F416917E987AE8312037AE5AA527091E325E321D4CB33C350B7F4B
Reporter abuse_ch
Tags:ESP exe geo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.securitylabs.com
Sending IP: 66.128.189.2
From: Purchase <office@hermanmotor.com>
Subject: Sorteo de año nuevo de $ 20,000. Premio mayor 2.000 BUSD
Attachment: LISTA DE TAREAS DE BINANCE GIVE AWAY pdf.zip (contains "LISTA DE TAREAS DE BINANCE GIVE AWAY pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
182
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
LISTA DE TAREAS DE BINANCE GIVE AWAY pdf.exe
Verdict:
Malicious activity
Analysis date:
2021-01-01 19:15:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f02ad7ed-6d9e-49cf-83c4-23608fac04e2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110235/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.35957404.10024.22259.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a window
Sending a UDP request
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/572838
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 335481 Sample: LISTA DE TAREAS DE BINANCE ... Startdate: 01/01/2021 Architecture: WINDOWS Score: 76 38 Antivirus / Scanner detection for submitted sample 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 Machine Learning detection for sample 2->42 8 LISTA DE TAREAS DE BINANCE GIVE AWAY  pdf.exe 3 2->8         started        12 chome_exe.exe 2 2->12         started        14 chome_exe.exe 2 2->14         started        process3 file4 36 LISTA DE TAREAS DE...E AWAY  pdf.exe.log, ASCII 8->36 dropped 44 Injects a PE file into a foreign processes 8->44 16 LISTA DE TAREAS DE BINANCE GIVE AWAY  pdf.exe 5 8->16         started        19 LISTA DE TAREAS DE BINANCE GIVE AWAY  pdf.exe 8->19         started        21 chome_exe.exe 2 12->21         started        23 chome_exe.exe 2 14->23         started        signatures5 process6 file7 34 C:\Users\user\AppData\...\chome_exe.exe, PE32 16->34 dropped 25 chome_exe.exe 3 16->25         started        28 powershell.exe 1 17 16->28         started        process8 signatures9 46 Antivirus detection for dropped file 25->46 48 Machine Learning detection for dropped file 25->48 50 Injects a PE file into a foreign processes 25->50 30 chome_exe.exe 2 25->30         started        32 conhost.exe 28->32         started        process10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-01 05:26:00 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ec7cvfipn7e6q3s5yvvez7fqa5wxismzy62xpzegh5jtmqlzwrya._file
Verdict:
unknown
Similar samples:
05eda8f2c817ec399048cbcfed705c795be9bf403f746b37d4a073e47bd3ffd3
20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850
5b671338b81105b0b72028af87cba105472e67f019dc5c784b259b99e670c63e
ab928789224fd46229b8c5caffab8625636b7005ba793c796c0696e157da4c99
af45ff354aaf65c450cf147194b0f746243361b1385abe580ba10246fee9bd66
b1ec11ffefb1d9d29251fe84c8712c74c331d4172597f038112ecba875b38d3e
cea37cf1f7250974f023b32b47239ed4aacfdcb283cd898050e9ea6495a9c11d
ea8f64464c29c09b37c9f05be40718e144a375aeb920ed699fb3dea644d508aa
ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0
f2848bb06faec26cdb7bf8df01c598641d0d73c8b7c58a7aed106e9864942cf6
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210101-tsf8yhsnra/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470
MD5 hash:
3c5c648748c976640ea1f0b52b68c0b2
SHA1 hash:
b79dc5fc81e0576177ba8d1e0d2f0a790505922b
Link:
https://www.unpac.me/results/37a04184-f73b-43d6-aeda-9dccab5e9f7e/
SH256 hash:
88cb3886a14d07c4a94ba80aef83664aaee193c5870fb50ef5f7cf5611de1145
MD5 hash:
358a967d31f218b1c88f0bf9fe5f8e6d
SHA1 hash:
2c1e15ea709ae95d821efb0f60bb394490f4ce49
Link:
https://www.unpac.me/results/37a04184-f73b-43d6-aeda-9dccab5e9f7e/
SH256 hash:
5026b4d5a20d9bd7f07f111adbfdcdffa3423e83a1f5a982c1c34ad610eaa678
MD5 hash:
51aed80bd9770c6cd1f8782f1e37eeaa
SHA1 hash:
9130e5240d562529ff74c9664fa906168a11012d
Link:
https://www.unpac.me/results/37a04184-f73b-43d6-aeda-9dccab5e9f7e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 3d1abc1b6b0c26a687907a99ea9952f4a4c74e546cba62a0a351785768e0e080

Executable exe 20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470

(this sample)

  
Dropped by
MD5 f05ed8646ddf0922cd49f4cb5bc98fbd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3d1abc1b6b0c26a687907a99ea9952f4a4c74e546cba62a0a351785768e0e080
Cape
Cape
https://www.capesandbox.com/analysis/110235/

Comments