MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3864000bdce54306e787beb73fbb02642f7a539a2c255fc6e76dcbe2e685c733. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3864000bdce54306e787beb73fbb02642f7a539a2c255fc6e76dcbe2e685c733
SHA3-384 hash: a24ad4be84fb7813d942d3d44067e853f70894b659ae269fdec080d3c5089e7e0827037802dd8e5f5be7169b8746a069
SHA1 hash: 82fa8aa8a75a1194232ec186bb73266f7b76d56f
MD5 hash: efb2808e93c3f53bdc896c2957cc9b87
humanhash: comet-minnesota-aspen-don
File name:121.exe
Download: download sample
File size:3'765'248 bytes
First seen:2021-01-13 20:19:35 UTC
Last seen:2021-01-13 21:59:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'659 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 49152:iZlsPAQv/xCw5MS792lpvhbjueUWwLs2:iZlsou/x/d7mvhbyZ
Threatray 37 similar samples on MalwareBazaar
TLSH 6D06702F6DC242A0D6C5AC71E3FD66BC06F147BB1616A6F2010567F2DF6128E345B0EA
Reporter abuse_ch
Tags:Endurance exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gproxy1-pub.mail.unifiedlayer.com
Sending IP: 69.89.25.95
From: Chem Kanchana <info@purpleinc.co.in>
Subject: Outstanding invoice 645378
Attachment: 121.zip (contains "121.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
121.exe
Verdict:
Malicious activity
Analysis date:
2021-01-14 05:19:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cfdfc471-26ca-4a1d-affd-890e546b15fb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111865/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.505.14597.9891.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/580618
Signature
Allocates memory in foreign processes
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3864000bdce54306e787beb73fbb02642f7a539a2c255fc6e76dcbe2e685c733/
Threat name:
ByteCode-MSIL.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2021-01-13 20:20:17 UTC
AV detection:
19 of 46 (41.30%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hbsaac644vbqnz4hx23t7oycmqxxuu42fqsv7rxhnxf6fzufy4zq._file
Verdict:
unknown
Similar samples:
2d564ae361eb499ca493273e9fcfb88546105c88293c7633a7e1580a435cee9f
75674ba2558d6fcf6d3992f09bd87aab282ea0b2d9bd01d6e0149a869506e3ce
7c8f873fc34661a785875f76a1f3b1aff6719e69d2a4ea5d2d94f849282b623a
7eb2de2bfd05ee1e83980aa914486789d2e8f3fb3cc6e166f140302fdaf40cd9
91a31ae7de6c7cfa8123333cec0fb4ac9317b12e8b1ede01de97936c8ab82ed7
adedffa71c26b2855f85a6eba9f0415769efc743022f44a8f61c95b09b7dedf3
b1251d0a542cd96f6957904d30289cbf675035ae79ac4158fc098aa84cd22506
c75e2b1752bd8221bd68fea21243915af2a92834a23d148a46e41b370badfd18
d0b62e121a89ba8e44b4b71a887dd80df1e4fc746dabc200854622e9ed1fa8cb
e1154377f15905cdb109d790a5c0232627861b7d560514aa3f110b8dd39645f8
+ 27 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210113-8vznh37vy2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
3864000bdce54306e787beb73fbb02642f7a539a2c255fc6e76dcbe2e685c733
MD5 hash:
efb2808e93c3f53bdc896c2957cc9b87
SHA1 hash:
82fa8aa8a75a1194232ec186bb73266f7b76d56f
Link:
https://www.unpac.me/results/ce29618f-22c9-4dfc-b23c-032a63daed2a/
SH256 hash:
49dc26861fffee2f6440e56a10b7086ea305d2f16bb9e27ba3e08b9893557f86
MD5 hash:
e732cd6decfed3503b4020899d5a56f9
SHA1 hash:
024c1bf147c698e92aae340bbee323601d02a787
Link:
https://www.unpac.me/results/ce29618f-22c9-4dfc-b23c-032a63daed2a/
SH256 hash:
4f81e273da20c5b9835ce6ca57cc061d77764f9e3927bdb1505cb791bf50b046
MD5 hash:
29e19b5dce96140a8b90152b16bd44af
SHA1 hash:
4f3dc6eb876bb58f53966980a9c451a04ec17d8a
Link:
https://www.unpac.me/results/ce29618f-22c9-4dfc-b23c-032a63daed2a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3864000bdce54306e787beb73fbb02642f7a539a2c255fc6e76dcbe2e685c733

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 92dc1497d414ba3bc5c6fcab4836dfb15f6ca33768eee5f9ca21e8bd689622ef

Executable exe 3864000bdce54306e787beb73fbb02642f7a539a2c255fc6e76dcbe2e685c733

(this sample)

  
Dropped by
MD5 fdd2093985b6ed05dce9b41ef094ef3f
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/111865/
  
Dropped by
SHA256 92dc1497d414ba3bc5c6fcab4836dfb15f6ca33768eee5f9ca21e8bd689622ef

Comments