MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b6160a9720ed2cf3b818dafc81e4f092111d4df2e0db161b994b39a5ceb78f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 2b6160a9720ed2cf3b818dafc81e4f092111d4df2e0db161b994b39a5ceb78f3
SHA3-384 hash: 6509339b71b900a9a24f95c74722b087e8fb95bde7fb57de65fa3d93c53d92e9fb4fd7a4768146651b3d234ace2a3495
SHA1 hash: 89519388c279f31965335533e1d4160c2b1be1a2
MD5 hash: 7b23eb3ce804bebde63cb347619c90e8
humanhash: twelve-arizona-six-east
File name: payment.exe
Signature: n/a
File size: 11'506'316 bytes
First seen: 2020-05-11 22:23:52 UTC
Last seen: 2020-05-11 22:43:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e72c3bfcbb77a361abf35cfdb2b95db2 (1 x Formbook, 1 x Mimikatz, 1 x BlackKingdom)
ssdeep: 196608:DMicrGyD2uF1AMxAsmBXGe/tbYPvbJQlHmZ+C8Cwv3R+MHQiE:YicrGyzF1YNGe/kJQlGG+o
Threatray: 35 similar samples on MalwareBazaar
TLSH: E1C63386E9418436C05B073222BCFDB94829ADF4BA3DC56508DC7D2B7CB674C76A6C63
Reporter: @Racco42
Tags: exe

Intelligence

File Origin
Number of uploads: 2
Number of downloads: 71
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Threat name: Win32.Trojan.Lazagne
Status: Malicious
First seen: 2020-05-11 16:56:00 UTC
File type: PE (Exe)
Extracted files: 1776
AV detection: 18 of 31 (58.06%)
Threat level: 2/5

Result
Malware family: n/a
Score: 7/10
Tags: persistence
Behaviour:
- Modifies registry key
- Suspicious use of WriteProcessMemory
- Adds Run key to start application
- JavaScript code in executable
- Loads dropped DLL

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Executable exe 2b6160a9720ed2cf3b818dafc81e4f092111d4df2e0db161b994b39a5ceb78f3 (this sample)
Delivery method: Distributed via e-mail attachment

Comments