MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 383e589441b2d47da8108e096dcbef6501935e91f248158a624bed91fef1524c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 383e589441b2d47da8108e096dcbef6501935e91f248158a624bed91fef1524c
SHA3-384 hash: db10e1a741c4c67ce7a93eb68172e065d92dc04a2242b354b240239295653d2c92166c7653bbb2ef00da904e15b37146
SHA1 hash: f2a7cd3e3e52434ef51267c7da4f9f59051e6ac4
MD5 hash: 2d406193a862c4cd680d732667d5550e
humanhash: mockingbird-beer-leopard-fillet
File name:New Order NN.exe
Download: download sample
File size:444'928 bytes
First seen:2020-08-14 10:41:50 UTC
Last seen:2020-08-14 13:08:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:YfeN1UyLxg1wurMcplbEsVYRIpXWfOjTOV:Yf1yVCwGMSSipXUOfOV
Threatray 87 similar samples on MalwareBazaar
TLSH 3194AD05F7A1AF01D2E42974D1A309364BE6E5873376F38E3F0946E26E122749D9E3C6
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: setentaycinco14.nsprimario.com
Sending IP: 188.93.75.14
From: Zhukeng Cooperative Co., Ltd <donatella@fabiorusconi.it>
Reply-To: michaltony2020@gmail.com
Subject: Re:Re:Re:Re:Re:New Order_WR-088399R_doc(3)_109.818,52€
Attachment: NEW_ORDER.IMG (contains "New Order NN.exe")

Intelligence

File Origin
# of uploads :
3
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Heur.MSIL.Bladabindi.1.27264.4310.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/429488
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/383e589441b2d47da8108e096dcbef6501935e91f248158a624bed91fef1524c/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 10:43:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ha7frfcbwlkh3kaqryew3s7pmuazgxur6jeblctcjpwzd7xrkjga._file
Verdict:
malicious
Similar samples:
15c3cfbad0e3b0afe327e53605c463775ef2ae1d5c21b23928a2aa34b7e36719
34cbecb7d69d17b347da77599976058e0a02a9930a085d1a5b98505fdfb77a46
354d3e283f994802a084678c53be397a4ea4d46d7e48487e6db6c46f6f91ffb9
4f4ecb62cff991d6e30675be71df634dd9f0e48ce95c4ba92fc9116d6cc25896
7b09e5a976956a0554cb8fa07d9958ba192249fe512f45bee23d5e1ae9e2c974
7e9b9bbb673e25ab8ee790dbfd2a3e489c0d3a88ab73aafe671f68982f1b41da
8025c16aa7b7e0d0dfe71e8f627c287ebefc935a6b65cf180409f36633626277
8a0212846806b7a822b1275aa4421addc9914c4a988fc0ac6458a48dd99ff50d
d047df658498dd43b18f3adaa2775c42d1103a0c211eb52ff1e312c9f2784149
e0035aa03440db1460ee92e59d384ed20dce147a7f62c846c486da9decac4b28
+ 77 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-5r857mbfs2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.52
Link:
https://yomi.yoroi.company/submissions/383e589441b2d47da8108e096dcbef6501935e91f248158a624bed91fef1524c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img c121c811c1011e992bfc9a0ca1a72d5b20d9acb0dc21bb47f1576958e58a40ea

Executable exe 383e589441b2d47da8108e096dcbef6501935e91f248158a624bed91fef1524c

(this sample)

  
Dropped by
MD5 6b35b7a8139d4c139331f9ab96430001
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/45838/
  
Dropped by
SHA256 c121c811c1011e992bfc9a0ca1a72d5b20d9acb0dc21bb47f1576958e58a40ea

Comments