MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2990e8d7b0703017f2e13c7e360eb8300977e071e37ea87bc1d9f6b5ec12ff70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 2 File information Comments

SHA256 hash:	2990e8d7b0703017f2e13c7e360eb8300977e071e37ea87bc1d9f6b5ec12ff70
SHA3-384 hash:	61a4c2fee285dbb339d8bc43cbaea2b50eac1ff4994d594e9ed9cb5a18869c309319886a5aa0d3dd13901dfd78f50df2
SHA1 hash:	8dd83ba13b0efcba728d15f0b3e807ea4998fcac
MD5 hash:	3e543dcab4b28721134ba63deb0404ed
humanhash:	idaho-triple-october-colorado
File name:	jR6TWgy9aQIuYGP.exe
Download:	download sample
File size:	813'568 bytes
First seen:	2022-07-14 15:19:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	12288:izUOh7MCpofHw2wtIC42Qvzg+HLyTw1aDlehFcYzz7120eAkaE+Us8/KH:izUk3pEoIHUmQw1YEFpzzpPeAfEZsE
Threatray	4'529 similar samples on MalwareBazaar
TLSH	T15705121366AD176BC97DA7F40893AC1213B12D2A6912D7891F9A38CE2CF7381B501BD7
TrID	64.2% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 11.5% (.SCR) Windows screen saver (13101/52/3) 9.2% (.EXE) Win64 Executable (generic) (10523/12/4) 5.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.9% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	lowmal3
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

328

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

jR6TWgy9aQIuYGP.exe

Verdict:

Malicious activity

Analysis date:

2022-07-14 16:36:07 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f1659fbc-40a7-45db-9727-f232a97c11c1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/289132/

Detection(s):

SecuriteInfo.com.W32.AIDetectNet.01.18627.4359.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Creating a file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/62d0346201fde6ede681f8e5/reports/15580d55-cc0f-49bd-a5ee-d7da749c799b/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1031543

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2990e8d7b0703017f2e13c7e360eb8300977e071e37ea87bc1d9f6b5ec12ff70/

Threat name:

ByteCode-MSIL.Trojan.Dothetuk

Status:

Malicious

First seen:

2022-07-14 15:20:22 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

17 of 26 (65.38%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fgiorv5qoaybp4xbhr7dmdvygaexpydr4n7kq66b3h3ll3as75ya._file

Verdict:

malicious

2b9b22265b52f39f397b933737a5aa973998a20910eeca60e2c7ad908ab6232c

339977335a0e4a0029c4484e7067b2e1a18f29bcbc27a90b639d6c24daa88803

3b2aed15298aa9110cc90c069742839fdc9ddb24f91a8269284a504a5ba1fb9c

42c1ad51f502151cbc2325e65273450234d4b8a1806e5e5634bfd0ac1e00417d

73f63be65028608cd2e160257ac4a96746ac412c0907aa229907a0ba0ae957a9

7618bf00136b85af624ec2d4b10f52aca8d61cab901499e1abecf0af43f5eb8d

8399cf97a24ffed931ae3b24203ff6af69027c5d5651a31b11ccd51840b1a113

a1c06c21287b1e7e5ad1d2588d9c4a0a69a906febc76a0d57b1d87db8fa2eb2a

ba18ee8213b7312c5140deaaab63cc6fed9a307b608429617490ecf9d592d8ba

+ 4'519 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220714-sqq7vacac9/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

883b63ef84c6b1cc09687962beca56e4f4b7960df7c5459e29998befaa3ccf15

MD5 hash:

ecb3f27eb8279c51608c8ea8f8050655

SHA1 hash:

82385d75444ab5fccacf37e2746c7dce73faa7f3

Link:

https://www.unpac.me/results/24b75673-aaa8-4867-abf3-30c0b8e3877e/

SH256 hash:

ece1ce4f72fc12eed8120f124d55fe470680e25e9a0d17cb7cf5c1bd3271a6eb

MD5 hash:

dcbb93c753b29f879335df92b947b0ea

SHA1 hash:

7c8a596439413b5053c790a0e1cbd44862b7e03d

Link:

https://www.unpac.me/results/24b75673-aaa8-4867-abf3-30c0b8e3877e/

SH256 hash:

9ac5d9240ca85b5a28afbcf03a0a5490108417f89cc5f45b4e7266a3fba8c36e

MD5 hash:

ebb22bb2479e32c69bbd4e4d30c98cbd

SHA1 hash:

44f01ebbac423b8074a32fdcc00a9fa09ae94e91

Link:

https://www.unpac.me/results/24b75673-aaa8-4867-abf3-30c0b8e3877e/

SH256 hash:

07a669badf12ee362884eca88c04ff18b102b9cf7b59653807fc451ad4e7b8fe

MD5 hash:

f6df51f6176af38265fd8933b3f473a7

SHA1 hash:

2c7549beab772727065d025417e42ad6840294b9

Link:

https://www.unpac.me/results/24b75673-aaa8-4867-abf3-30c0b8e3877e/

SH256 hash:

2990e8d7b0703017f2e13c7e360eb8300977e071e37ea87bc1d9f6b5ec12ff70

MD5 hash:

3e543dcab4b28721134ba63deb0404ed

SHA1 hash:

8dd83ba13b0efcba728d15f0b3e807ea4998fcac

Link:

https://www.unpac.me/results/24b75673-aaa8-4867-abf3-30c0b8e3877e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.61

Link:

https://yomi.yoroi.company/submissions/2990e8d7b0703017f2e13c7e360eb8300977e071e37ea87bc1d9f6b5ec12ff70

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 2990e8d7b0703017f2e13c7e360eb8300977e071e37ea87bc1d9f6b5ec12ff70

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/289132/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample