MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b186df707073ee060879549b75f11e1cad4c225d2dc4d0c3d290e9fd29517a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3b186df707073ee060879549b75f11e1cad4c225d2dc4d0c3d290e9fd29517a8
SHA3-384 hash: 59716c1810367865c757a5fc2ca58b5f9c387dc64d84625942dfa86aa3a0b9281ab3143506bb75c1a10374636d470a8b
SHA1 hash: e0dc2d79680965002e9ec07ad43b8ae6b8f07eb0
MD5 hash: 241f1e6a4084d8aa20b526001d5cf982
humanhash: island-cat-queen-louisiana
File name:company certificate.exe
Download: download sample
File size:71'544 bytes
First seen:2020-10-13 07:56:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 768:HhFEQtGo5DU3WAJX3imftl17692ACekkN36LdC+meUf2huv:BFPtW3nImp2wlekkN36ZC+meUfz
Threatray 19 similar samples on MalwareBazaar
TLSH E163ED4F2BA14F02F2639734BA4F2913E2F0764736F7CA61C9531A86DA5308D6B97913
Reporter abuse_ch
Tags:exe Yahoo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: sonic305-22.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.185.148
From: benco incorporated <dougles_g_russell@yahoo.com>
Reply-To: bencoincorporated@yahoo.com
Subject: Fw: latest PI
Attachment: Products_Pictures_logo_Designs_ pdf.rar (contains "company certificate.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70339/
Detection(s):
SecuriteInfo.com.Generic.mg.241f1e6a4084d8aa.20599.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Creating a file
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/489386
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3b186df707073ee060879549b75f11e1cad4c225d2dc4d0c3d290e9fd29517a8/
Threat name:
ByteCode-MSIL.Trojan.Dothetuk
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 06:18:39 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hmmg35yha47oayehsve3oxyr4hfnjqrf2loe2db5fehj7uuvc6ua._file
Verdict:
unknown
Similar samples:
1befcab4a8d97cea8592fa608814f038fd956a5f1f2ddfd9ee8b9402045a705a
24d32404b88210f6f5cb58362bc6122c7f7545ee8b792c075df1b0069a4f10d5
29e2a8176598cb686dad7e472e9a892b9569263f448dbe9ecd5b5c660e447b12
2a5d30dc92fc78dde49b80dc9c073a931239da4f9b4e3f6f732384662a09ec9a
9913754d30b7cf04988adc1cb3d04fd3822958908216bd48df128df2a653f8cf
9f335bab72c02acf039bc0366145e832630347a1d141dd1ae768637e52a1a7ce
bf5bfc937843a28416a3481a7ab598e3e5ce6020c8a651a836a27ca7eca06410
d4ad194829837ef26e4edc89c9a7bd0db40904f93517cdc137bc78176ef617fe
d55bd71d4425756d7412d97dd2e0c53203ba40fae381c980322aee5682acc79c
fea260d8c97eb6ae4079fb37951566b9f2ec8f785688a3ff63bc7833b6cebdf0
+ 9 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-vjwzerp83a/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
3b186df707073ee060879549b75f11e1cad4c225d2dc4d0c3d290e9fd29517a8
MD5 hash:
241f1e6a4084d8aa20b526001d5cf982
SHA1 hash:
e0dc2d79680965002e9ec07ad43b8ae6b8f07eb0
Link:
https://www.unpac.me/results/77b2636a-909a-44b5-a064-6a5d9c5ab672/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dropper
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/3b186df707073ee060879549b75f11e1cad4c225d2dc4d0c3d290e9fd29517a8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 89e2021ab6fa9ec200cf0944db86008d8fee7dd6ff60f2d040665f4bc6dd2a29

Executable exe 3b186df707073ee060879549b75f11e1cad4c225d2dc4d0c3d290e9fd29517a8

(this sample)

  
Dropped by
MD5 250f06ae1d8b19ad6059ab9dd54a7a6c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70339/
  
Dropped by
SHA256 89e2021ab6fa9ec200cf0944db86008d8fee7dd6ff60f2d040665f4bc6dd2a29

Comments