MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bf9eb8aca2fb463e00a2b2666afe723f88d05a3851319ca41caa5efa12a363d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3bf9eb8aca2fb463e00a2b2666afe723f88d05a3851319ca41caa5efa12a363d
SHA3-384 hash: 6fabd6ef1073f4f6a8bb2688a9da56fc9ceed45ee960042070a58e46335ff37c90a79bc4e49310d0843c989e697b1e79
SHA1 hash: ee9be32a2518aac33e5546d21ce979782f0e8ea9
MD5 hash: 825824b74295db93fdb11bb98de59d26
humanhash: monkey-vegan-music-failed
File name:newbiggi.exe
Download: download sample
File size:867'328 bytes
First seen:2020-08-14 11:29:07 UTC
Last seen:2020-08-14 14:40:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'207 x SnakeKeylogger)
ssdeep 12288:j6jdqCWVmpDdNOidK3J2KTc+v6H3szykdtBIKCDJUpQfL8svnQ3I4afluC6T:jSDWVmbqoe6H8zyi2L8svnQ1atuL
Threatray 6 similar samples on MalwareBazaar
TLSH F00512487EE99A29D1B78F7CD4B1B9212379B58C6812E7950E50A84F14F3BF88453F32
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ns388824.ip-176-31-255.eu
Sending IP: 176.31.255.155
From: Yongha Yang(Nick) <yhyang@berndorf.co.kr>
Subject: PAYMENT
Attachment: swift.xlsx

Unknown payload URL:
http://sytemforinternationalfiletransferprotoco.duckdns.org/newbiggi.exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45885/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader34.22910.19610.21197.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
26 / 100
Link:
https://www.joesandbox.com/analysis/429621
Signature
a
c
d
e
f
g
h
i
L
M
n
o
p
r
s
t
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 267281 Sample: newbiggi.exe Startdate: 16/08/2020 Architecture: WINDOWS Score: 26 13 Machine Learning detection for sample 2->13 6 newbiggi.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3bf9eb8aca2fb463e00a2b2666afe723f88d05a3851319ca41caa5efa12a363d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 11:31:04 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
13bddc242c2435f18b5d7a188ffc824c3e69162df0a972e701b2d1faa9065bcb
3a401149f225ae5e95303480b98a80c0374ca1e4589d15ac79aa2b2a646f66e2
5404f329ed837bd8c8f109255711f9a8d7f5e0b05ea6e575408473834a5088bd
706c3e2ae6ed72040ab9b9c9d7918a24368288480d487e86fcc1731114656e78
b6c0b0c1a9637ebc1fb2944ab47cdbd039b29dbf7d0e979769d6d5c209a8f01e
dd900ac5b1cf790395caf7e5f5a773b0abae32e9e9314b5cb943b261e18e2b92
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-l2ca98215e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Barys
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3bf9eb8aca2fb463e00a2b2666afe723f88d05a3851319ca41caa5efa12a363d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Excel file xlsx c413ad2d5d387fd80f6db3509138837e2cb1b2ae632633d7667421fd3b6e63f7

Executable exe 3bf9eb8aca2fb463e00a2b2666afe723f88d05a3851319ca41caa5efa12a363d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/433111/
  
Dropped by
MD5 e8eca59abbf7261b6b0262d1319647df
  
Dropped by
SHA256 c413ad2d5d387fd80f6db3509138837e2cb1b2ae632633d7667421fd3b6e63f7
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/45885/

Comments