MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c1b93f7236a800d389423b44844c9207cb5ab4047d806508d3986c058a21246. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c1b93f7236a800d389423b44844c9207cb5ab4047d806508d3986c058a21246
SHA3-384 hash: 097950705bcd98083f207a48723581056002c88a61c5aa678b352ea8b32d2c85ff9659e8f51ddc97d1feb72fc4863324
SHA1 hash: c1086c621c6e17c94b1e3d18d25be4a3fa730ae2
MD5 hash: 7f41c805f473c71abdbf0c7b561687e4
humanhash: nebraska-thirteen-venus-helium
File name:invoice.exe
Download: download sample
File size:956'416 bytes
First seen:2020-10-15 12:54:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:gQTm1b88apW85XXWlyeqMFsfT+iFeiK3juFcPEq8:3m1bjeW85hICT+iMiK3jeCEq8
Threatray 20 similar samples on MalwareBazaar
TLSH 191523599363C112C51A14B628EDB6636B38225FFB0AB35F1CD8865E05B1FF219B7CE0
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: dd17118.kasserver.com
Sending IP: 85.13.137.241
From: USA BANK <admin@bmw-motorbikeparts.de>
Subject: Re: Payment
Attachment: invoice.zip (contains "invoice.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71391/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/492451
Signature
Antivirus / Scanner detection for submitted sample
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c1b93f7236a800d389423b44844c9207cb5ab4047d806508d3986c058a21246/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 03:00:05 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fqnzh5zdnkaa2oeueo2eqrgjeb6llk2ai7mamuenhgdmawfccjda._file
Verdict:
unknown
Similar samples:
0475b267bb4bb0a7361831168694a3c3b411e64f9f3b2edb2ade4a215dc7400b
16732dd83907bd9e881729cca144a2008193830f9db8686030216091a380d9d0
18dca52ce50cdf148ca233fb83cd2c3e3c7b39a9ac254c96ac374ae63eb8f44c
4a024542511c7d0a40e8317486b7177eaf71ee355f1731f17bc632731ea814b0
6637c089017af9c448d8235e20db32603d8547f0611187341cf184dc66c170b4
94ed91d33fa5a14f97c31acc659d4600b695920f7df7e79e2a86caf6da8026ff
a183a94f7c049de1770e76be272a29e0ec7b3b4344ef5c4dc2fe9ddd5962b5bd
b60f7101e7fe4632ce94f03fe039e6ff31d5d4a00b304fff73f7cfd3d9023e4c
b646b8f4e9a67cab72124eaa7db809117f7d887e27e2eaafffacdc2703668cda
e6dfcad46c8b12e94422ad9024ad5727d24d9bbd6ee3f19d20bd2db1a3946b4c
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201015-sgh1n4zppx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
2c1b93f7236a800d389423b44844c9207cb5ab4047d806508d3986c058a21246
MD5 hash:
7f41c805f473c71abdbf0c7b561687e4
SHA1 hash:
c1086c621c6e17c94b1e3d18d25be4a3fa730ae2
Link:
https://www.unpac.me/results/0023a232-adc4-4811-bc54-9f479afc0ca8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2c1b93f7236a800d389423b44844c9207cb5ab4047d806508d3986c058a21246

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip d4ad5a58e5902178284c073527c05cb5ff2688286740353d55cbb93087bea21d

Executable exe 2c1b93f7236a800d389423b44844c9207cb5ab4047d806508d3986c058a21246

(this sample)

  
Dropped by
MD5 a7f6343ed30aca0f4d390eb1a6b57258
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/71391/
  
Dropped by
SHA256 d4ad5a58e5902178284c073527c05cb5ff2688286740353d55cbb93087bea21d

Comments