MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e695a89076841d73f8bc2984ab615906d0896dcee90ee84317228b34bedae9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e695a89076841d73f8bc2984ab615906d0896dcee90ee84317228b34bedae9f
SHA3-384 hash: 5ab33f67cefe277b7d2f6ff7fdb32bf39b7c2304eb440cb9570e504fc6508064a599af807de51c02c27d2d15649777e9
SHA1 hash: b0d564192af76089668992dc49186bf13e8cadc2
MD5 hash: 83e65c23f68e7b921db46701761db81f
humanhash: louisiana-nebraska-eight-freddie
File name:COSCO SHANGHAI SHIP MANAGEMENT CO. LTD.exe
Download: download sample
File size:470'528 bytes
First seen:2020-10-13 06:13:04 UTC
Last seen:2020-10-13 20:06:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:40m77mhMc7GDVUW6T+mqCJs98b1DXkpkUYAvZpmck79m1LIrTFfqF5EFQBm30pk1:49xg+mq4/OBZDiEIrhtFQIkkkQh5
Threatray 106 similar samples on MalwareBazaar
TLSH 33A4AE6B77E5AF16E03F9BBD142010800BF3E657E327D5893DBA41E80257F9617B2A12
Reporter cocaman
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70283/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.445.28108.30195.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Unauthorized injection to a recently created process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/489235
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e695a89076841d73f8bc2984ab615906d0896dcee90ee84317228b34bedae9f/
Threat name:
ByteCode-MSIL.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-10-12 23:38:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
18
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hzuvvcihnba5op4lykmevnqvsbwqrfw452io5bbroiulgs7nv2pq._file
Verdict:
unknown
Similar samples:
4e726429d1751d3fc0c35bc8b89e643203cbee6475a7d81be840bffd3b340713
645c0709512e3abe9794777c7b49ef75ca1b698fbeff13642da042b8c4def95f
70adcf8ee223dbe448d85361bb3c3c94d906fd176ceb172e6edaa45d25209e3e
7475282fc3b82d0f60ccf30aba39303bc16c9a7a314382560a300dca7257d9f9
889352094880e37d9fb8d07ca965839f595ac5b821996f4290149d1815981a7b
9c2c04c0f5948c88fd2080f911ff1fadaf42102b513249ddc0ea867d71772fab
a49c1be213b2dbca8ad90cf4d212b0d125cfc12eed597b6f0bf0edcbca1a4282
a7f24f863c3e86db31552f6c91365ae54b272594ee446a5a8ab658ac42a26eae
b6dac3c563e7b771fa56992d6c5ac321278e8ff4653b5f50f283855e672cdb3d
fcd9d17277681744a9dbf78dd1fc2dcabfa9be7a4c83c920b1a953eab9cc854f
+ 96 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-myvdcgbvme/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
3e695a89076841d73f8bc2984ab615906d0896dcee90ee84317228b34bedae9f
MD5 hash:
83e65c23f68e7b921db46701761db81f
SHA1 hash:
b0d564192af76089668992dc49186bf13e8cadc2
Link:
https://www.unpac.me/results/c3ea4926-4d50-4dbf-a152-fd3b10e50bcd/
SH256 hash:
42dc4327ba93ef74a885335df16b705e960e14e1f02ddb27b86c3e3f559a1b15
MD5 hash:
0b4d6ce8faf65118ec1b760df06d5521
SHA1 hash:
007063368e8a63f1bb931a6ee6d9e96c8fe9a97a
Link:
https://www.unpac.me/results/c3ea4926-4d50-4dbf-a152-fd3b10e50bcd/
SH256 hash:
13b24d3a09d099dabe41cd6cd71607a77e14640b1e9b4ed2d60f6c012f191c43
MD5 hash:
109cedae3c384a1913107f1efad2b7c8
SHA1 hash:
1f7f35b0ed85fa12bb839cbce698e59a30813420
Link:
https://www.unpac.me/results/c3ea4926-4d50-4dbf-a152-fd3b10e50bcd/
SH256 hash:
791674b9ac443032401cac96e42466395521ca661ac45dc3cb505ffc36ad1e86
MD5 hash:
551a6e6ae793017339b3c5f2e07cb437
SHA1 hash:
3d86de0199c15280a87ce21bfc2e507d055489c9
Link:
https://www.unpac.me/results/c3ea4926-4d50-4dbf-a152-fd3b10e50bcd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3e695a89076841d73f8bc2984ab615906d0896dcee90ee84317228b34bedae9f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 60eba8d43ab3118a9aeff692ab4d709a7adfb90aeb803818bce6064b0d4648d5

Executable exe 3e695a89076841d73f8bc2984ab615906d0896dcee90ee84317228b34bedae9f

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 60eba8d43ab3118a9aeff692ab4d709a7adfb90aeb803818bce6064b0d4648d5
Cape
Cape
https://www.capesandbox.com/analysis/70283/

Comments