MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25b27bf77a7d59f3bdc13c4462475432d4f4592973bf5b2e4f8c42cda3d89457. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25b27bf77a7d59f3bdc13c4462475432d4f4592973bf5b2e4f8c42cda3d89457
SHA3-384 hash: d73c25a174b7d9a6112ba2c8f2be2751f92ff2ad7714ce664191341418da18ea5e51231dad9cad430a155be3c40b2a69
SHA1 hash: b2a698ae4621bc3c6b22da948dd79a4eb8bf663a
MD5 hash: 4e275d4d921f5b8083cf7e308ecfbde0
humanhash: queen-five-utah-white
File name:AWB RECEIPT_73451421.exe
Download: download sample
File size:947'712 bytes
First seen:2021-04-22 06:26:04 UTC
Last seen:2021-04-22 07:18:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:+sLZEZQZGzRRRRRCF+PYk4vzzgpCmkoJ31tJLTiRPM+F+qWK5:jcRRRRRCFYYk+zgplJF/TE+qp
Threatray 394 similar samples on MalwareBazaar
TLSH 1A159E41B2A9C8BBD41723F1D896F4F412956D45EA22912F359FBE1F79B334210A3E0B
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AWB RECEIPT_73451421.exe
Verdict:
No threats detected
Analysis date:
2021-04-22 06:32:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c315bad1-ef05-4a30-98fa-4d9b5b936566

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/143549/
Detection(s):
SecuriteInfo.com.Artemis4E275D4D921F.21974.23633.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/692456
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25b27bf77a7d59f3bdc13c4462475432d4f4592973bf5b2e4f8c42cda3d89457/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-04-22 02:07:36 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewzhx532pvm7hpobhrcger2uglkpiwjjoo7vwlsprrbm3i6ysrlq._file
Verdict:
suspicious
Similar samples:
386d18d45cb2b33504413196d292b00ef26db3758f5b5cbbb58ad240be7d7af6
704bd3f6c7d6671e896d71bc871f415cfc78209ae32cc518e95e39e7c06f83ad
7ce411ff4c9298f999527e39ad53f76697804e3ca427499db5da0292f8ef710b
abbc118eb1bf05f65a684916411d404bfb76e44bd498c9be15ba798561e9effd
bd299f37aa9e98b1f42640c6c588b65fb932abd4c3c4b7d258e37be327ae60a4
d05ddf26b630675edbee36cba07cd0db94c645c4685a1c533b3a025c7a9669e4
dacbe7aca7fdbfcae4a604018f5dc3e182709d5e8eb81a07a454ff376a6b9f25
e513fe3d22372fe4e0da834dbecd9fda11473a5861b195d9330b2b23c82650e8
ec66bb08e7be3e235c199b1f253e949fc4296b105b7046cca10ae732cf347873
f3b2b42ef8cec0923c1775d70e26d43577f386e0080b5e3215f608dd33e75313
+ 384 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210422-mwpd615q3n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/25b27bf77a7d59f3bdc13c4462475432d4f4592973bf5b2e4f8c42cda3d89457

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/143549/

Comments