MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33378b4ff2e8e5d64380bf24d787e4cae639cd41ceafbeeff82d7cf7a74be69a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33378b4ff2e8e5d64380bf24d787e4cae639cd41ceafbeeff82d7cf7a74be69a
SHA3-384 hash: 95a50bbd9a991449bb1085141695d9e837319ca3576ae2c23bdf649317a9d1e6620e85b3a1c1b1bf40dc818f8957e389
SHA1 hash: c237870663ad66bdfa8ae46062e23a234039450e
MD5 hash: e60478d832cfe8404e3c9ecf7b8e1c59
humanhash: utah-chicken-india-solar
File name:SOLICITUD DE COTIZACIÓN0832_TXT.pif
Download: download sample
File size:1'266'688 bytes
First seen:2021-05-02 06:31:27 UTC
Last seen:2021-05-02 08:06:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 768:He32534uUPTwUkem046A9u0Fh0y0WA2u+JCBGuDiDkqYtqT2M1T2+6LcM3Qskfvd:HVUVkNi9APtrZRF59asCPqJ59LGK
Threatray 9 similar samples on MalwareBazaar
TLSH FE45E6D439E22D8D6560738308FEA0FE2DAEB8B5FA35062D65519B57C3E01128F817F6
Reporter abuse_ch
Tags:pif

Intelligence

File Origin
# of uploads :
2
# of downloads :
148
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/147887/
Detection(s):
SecuriteInfo.com.ArtemisE60478D832CF.7162.28255.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Launching a process
Adding an access-denied ACE
Creating a file
Sending a UDP request
Sending a custom TCP request
Reading critical registry keys
Creating a window
Using the Windows Management Instrumentation requests
Creating a process from a recently created file
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/706393
Signature
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33378b4ff2e8e5d64380bf24d787e4cae639cd41ceafbeeff82d7cf7a74be69a/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-05-01 17:43:50 UTC
AV detection:
8 of 45 (17.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gm3ywt7s5ds5mq4ax4snpb7ezltdttkbz2x3537yfv6ppj2l42na._file
Verdict:
unknown
Similar samples:
02cf189467fdb7246a974e84e0deed6ae1a6e5a592cf7b2dc1895ffb4b60370a
6993ffac6e8c4020e152ce6ba165cf3efb429908340d2d9c02812dffc019cf0a
7a524ab3c8435752dd2f42d1cd01558d10938909564b578b841f93f4727b832f
8346b4b66475749310a488fd8af9846f76269e369cba23c9e4615318fcca6aed
a4f9a06d39f0b20bb9e04aab75db64d3cf18ee2025a890471536415b6f18fcd3
b1a5300635ab3fcd5c547e1a50230d40aafded4485cc431ebdd6dd28166e9376
b7d6bbc66a64baf78d4393b91e7c90f1c5400e2098875e35b903fd5e5c48e16b
c4ee3e5cecf3510d88b59f4122e88f50dc99a761338dd1f8fc3eff6bfed2e005
eb9e13fd092522e4dde08e96961117f9926e3ef70ca3b225f8c388e476541a21
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210502-edcpa2w7qa/
Behaviour
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
883f5a41e4fa1cf2c4af4c546299c2b76beda4505478b07ed3669c7d7c254d52
MD5 hash:
cfa51b0e1e7c8d3a831a0e0fb411e51f
SHA1 hash:
0b838217b35cdc20afc077b17b2814d5513cb505
Link:
https://www.unpac.me/results/94440e20-dd0a-400b-9e6e-05b41f43badb/
SH256 hash:
bf338b18095d6bb3c60cc6f7914a1b12b76343ede22d774015ddce41c33dc3ae
MD5 hash:
986cd347fc3437d044518d398a62945b
SHA1 hash:
df00c18ffb82399b5c1f5c78a710452ba05f7864
Link:
https://www.unpac.me/results/94440e20-dd0a-400b-9e6e-05b41f43badb/
SH256 hash:
9c38a7914f6bf2d6d5d79cfbf9774cb8635b23374e8f7b4b74d2437d83acb32a
MD5 hash:
eb1855d1e1c033ee597aea9aca119b4b
SHA1 hash:
c88a103eb0ae2d28acf941a10a517f0869fd3d03
Link:
https://www.unpac.me/results/94440e20-dd0a-400b-9e6e-05b41f43badb/
SH256 hash:
33378b4ff2e8e5d64380bf24d787e4cae639cd41ceafbeeff82d7cf7a74be69a
MD5 hash:
e60478d832cfe8404e3c9ecf7b8e1c59
SHA1 hash:
c237870663ad66bdfa8ae46062e23a234039450e
Link:
https://www.unpac.me/results/94440e20-dd0a-400b-9e6e-05b41f43badb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.98
Link:
https://yomi.yoroi.company/submissions/33378b4ff2e8e5d64380bf24d787e4cae639cd41ceafbeeff82d7cf7a74be69a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time
Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/147887/

Comments