MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2886de9d76ef4a0531d223adddb017ca6f0ac5f1d69c16c7595b0ac9051d5438. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 2886de9d76ef4a0531d223adddb017ca6f0ac5f1d69c16c7595b0ac9051d5438
SHA3-384 hash: cf7f678998400c2c78e03d3328e6f4ce1461dca3ec6fa4049cb32fa2d764b86db176f672498c41609f0c36f45618f4d7
SHA1 hash: 7e42cd60fa0c9bab3086a78835003238568d56b5
MD5 hash: 168f93f6550b8d6d89a9d41683f8fe68
humanhash: eight-texas-skylark-quebec
File name: make_money_with_it.exe
File size: 77'312 bytes
First seen: 2020-10-10 06:43:06 UTC
Last seen: 2020-10-10 08:05:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 768:3MbslERXcnrC2Z82btvdRmD/Nueb3T8DdUQ5Nxq3/x6A7OpSYFku/yr:GRXeC2pQX6Ne7lGNyr
Threatray: 13 similar samples on MalwareBazaar
TLSH: 41738619E7028B83C41446396AD4E1300E1B49187F4BAD45B2DC6BFB7BEE76FD56260C
Reporter: abuse_ch
Tags: exe


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.skynet-tt.com
Sending IP: 124.217.247.63
From: Olga <info@skynet-tt.com>
Reply-To: Olga <olga.rokina2020@gmx.com>
Subject: Hi there!
Attachment: make_money_with_it.exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 117
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: ByteCode-MSIL.Trojan.ClipBanker
Status: Malicious
First seen: 2020-10-08 20:33:16 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 2886de9d76ef4a0531d223adddb017ca6f0ac5f1d69c16c7595b0ac9051d5438
MD5 hash: 168f93f6550b8d6d89a9d41683f8fe68
SHA1 hash: 7e42cd60fa0c9bab3086a78835003238568d56b5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: IPPort_combo_mem
Author: James_inthe_box
Description: IP and port combo

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Executable exe 2886de9d76ef4a0531d223adddb017ca6f0ac5f1d69c16c7595b0ac9051d5438 (this sample)

Delivery method: Distributed via e-mail attachment

Comments