MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c8d124f87fe334cb263eb04b10349bdb3393a2197a2bdd2873215a69e337772. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c8d124f87fe334cb263eb04b10349bdb3393a2197a2bdd2873215a69e337772
SHA3-384 hash: f51e8f5431888a55efb5e700ac24967277869965ae3111b0f54ebc50c21ed0607819dac0680175cc72ee1342630ca8f9
SHA1 hash: af3846cf4de365544cb81edd43964ceea96d8820
MD5 hash: 3cc6e4a9ff416dcb7466c52e63650aa2
humanhash: vegan-leopard-snake-pennsylvania
File name:Payment_Invoice.exe
Download: download sample
File size:963'584 bytes
First seen:2020-10-19 13:14:40 UTC
Last seen:2020-10-19 14:21:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'743 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:1IHlXL/Ht9jCeyr6AneVBurqj9aBiHOfbo:1IHlb/N9jCVrxeVgrkc2Qb
Threatray 21 similar samples on MalwareBazaar
TLSH 57252321A3AE0D67CB0866B9948447920F35CB46443AD7ABFF2875F23B173DD4C98A43
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: dd48220.kasserver.com
Sending IP: 85.13.164.135
From: Quality Engineering Products <christiane.helf-marx@akadia-akademie.de>
Reply-To: snambrath.almandoos@bk.ru
Subject: Re: Payments - October Invoices
Attachment: Payment_Invoice.zip (contains "Payment_Invoice.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/72961/
Detection(s):
SecuriteInfo.com.Artemis3CC6E4A9FF41.30648.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/495448
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c8d124f87fe334cb263eb04b10349bdb3393a2197a2bdd2873215a69e337772/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-19 10:40:49 UTC
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hsgret4h7yzuzmtd5mclca2jxwztsorbs6rl3uuhgik2nhrto5za._file
Verdict:
unknown
Similar samples:
04794ec7e7eb5c6611aada660fb1716a91e01503fb4703c7d2f2099c089c9017
400613ea1e4f8a22b1f5ed70e9baca60448af46cfbd70ca6f5ec6b74af5e9fe0
4f9c3406a56e9d87af06fc278db9492c9f5fa7dc3056d40070a95e18711808b9
5a418e084b49b740a94d307baf45d67ac25db462fdeb80065fb60ffeb197273f
5d51e206f70f84b317fa60771e7dc610976c70408e45a89c2418baf4a4cef052
6536526fa3203e5eb97977b6b5448f8b44053d7739147a672ebf8a249c9260ea
7cd9624b6ba4422a372ba8d01bf1287ec10abe7b5d658d40fda20a07344e906c
c169469e2e32039ff3830a8e17bad2444a876e96935b6d925cb2d07353c804c5
ee2a265b6c4ca43740667e85553b24404ecb0742d44e7519fd2bc2e5606c8148
fe140e51ef337d5118d3388b6a463de7e195949cd66a1cce083576173ad23ad0
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201019-8ys3mp68na/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
3c8d124f87fe334cb263eb04b10349bdb3393a2197a2bdd2873215a69e337772
MD5 hash:
3cc6e4a9ff416dcb7466c52e63650aa2
SHA1 hash:
af3846cf4de365544cb81edd43964ceea96d8820
Link:
https://www.unpac.me/results/c5589b8a-b6b9-41a9-8910-0af69b05accc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/3c8d124f87fe334cb263eb04b10349bdb3393a2197a2bdd2873215a69e337772

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 4056dea706b2418fe89741f6dbe5bc520f4e2fc61ced2cd2c2aa73801cfaace9

Executable exe 3c8d124f87fe334cb263eb04b10349bdb3393a2197a2bdd2873215a69e337772

(this sample)

  
Dropped by
MD5 f238eacca111c860d2d51b88542f41a9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/72961/
  
Dropped by
SHA256 4056dea706b2418fe89741f6dbe5bc520f4e2fc61ced2cd2c2aa73801cfaace9

Comments