MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e8debf82b69f5842a21c7bbaf83071c7944f257843d31aad36664dc9e951fff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e8debf82b69f5842a21c7bbaf83071c7944f257843d31aad36664dc9e951fff
SHA3-384 hash: 753b7f3bca74fe9b419f7a122b77e6f57f4fabc5ba852aa59c832e5b3e9140460ae5c406b6aa8323fde6389312bf0a21
SHA1 hash: 15ff8e274065cfe9de9267f2df2f02b8b96ca296
MD5 hash: 69274d186c71ec9face040105a968ae2
humanhash: moon-equal-robert-undress
File name:BTC Transaction details 11_01_2021.exe
Download: download sample
File size:2'210'816 bytes
First seen:2021-01-11 08:17:34 UTC
Last seen:2021-01-11 09:30:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:HR1jM3ntVKgNjhgrKl9sMjBc2dgmziuSDHQ191S+k5ARnitV:x1Y3ntVKg71l9+/4wH2cDAB
Threatray 117 similar samples on MalwareBazaar
TLSH 84A5F9067BC5D599C9D1B53A97F9837C03B2E9E751009BA352047AB5DE322C23C3E1EA
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BTC Transaction details 11_01_2021.exe
Verdict:
Malicious activity
Analysis date:
2021-01-11 08:32:50 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/69e864e7-59b9-4707-ad22-b27d8ecd441b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111233/
Detection(s):
SecuriteInfo.com.Generic.mg.69274d186c71ec9f.28368.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
adwa.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/577704
Signature
Creates multiple autostart registry keys
Drops PE files to the startup folder
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e8debf82b69f5842a21c7bbaf83071c7944f257843d31aad36664dc9e951fff/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-01-11 08:18:08 UTC
AV detection:
5 of 46 (10.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h2g6x6blnh2yikrby6527ayhdr4uj4sxqq6tdkwtmzsnzhuvd77q._file
Verdict:
unknown
Similar samples:
149b852a8b1cdc51ffe446362137c4eebc2a6223079e71a8ef781ca00c090146
1787f73acf804bff30fe863e077fb5bc9799b3cb39065534198f894757907e79
1f1bc6a65867b976dd8cdc00b6519b60b4da65af780f1636c447e5ebca91da96
3d402a866fb1dc18d7eaaa64013502d3184c25b9f5c93bfa916b5d15cda34a11
62ef8fa630e3cdd463cb173b019d3901a2b9074b8b93553d218dab9300c273ce
677906173148035544d96ed87acd962194baf88a2c5c6a33e2ad94a850a81835
71b915c8b6693dda0259ef1c94ca903be56567a1b17116e621cc19cf0d39affd
b0fc68d01809511045e3837cd93da4eca31cbe69d432287ffe1a716597147f18
b2e52f028aaa499f514e7684c6fae9f7db0532cbbce8fbef0234159fbc2e628b
ea2c05a7e476d1410b1be9db71b2a7fc963b1418b75ab00b8ede81bb65ec7366
+ 107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/210111-hym93z4bjx/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops startup file
Unpacked files
SH256 hash:
3e8debf82b69f5842a21c7bbaf83071c7944f257843d31aad36664dc9e951fff
MD5 hash:
69274d186c71ec9face040105a968ae2
SHA1 hash:
15ff8e274065cfe9de9267f2df2f02b8b96ca296
Link:
https://www.unpac.me/results/b89ea686-5903-44b7-99af-05531148529d/
SH256 hash:
49dc26861fffee2f6440e56a10b7086ea305d2f16bb9e27ba3e08b9893557f86
MD5 hash:
e732cd6decfed3503b4020899d5a56f9
SHA1 hash:
024c1bf147c698e92aae340bbee323601d02a787
Link:
https://www.unpac.me/results/b89ea686-5903-44b7-99af-05531148529d/
SH256 hash:
d2d27f59b366c1ae5cd71ffce1f9c9475e1d2ec10f56bc040f3c5af0934f0e15
MD5 hash:
520367a5fb4f7081458386091047bf2b
SHA1 hash:
2706693fc04deed174314099d8d6ca5e30577351
Link:
https://www.unpac.me/results/b89ea686-5903-44b7-99af-05531148529d/
SH256 hash:
c06d4e3d0205d9bdd4a4b40b8da710d698b3a5d73a1626c9ca058c10b2c6d00c
MD5 hash:
7f67414b3fd29299f2d29ad7c2afb995
SHA1 hash:
2ec40d57c08c47433a6d044d271d74005dddae8d
Link:
https://www.unpac.me/results/b89ea686-5903-44b7-99af-05531148529d/
SH256 hash:
4f81e273da20c5b9835ce6ca57cc061d77764f9e3927bdb1505cb791bf50b046
MD5 hash:
29e19b5dce96140a8b90152b16bd44af
SHA1 hash:
4f3dc6eb876bb58f53966980a9c451a04ec17d8a
Link:
https://www.unpac.me/results/b89ea686-5903-44b7-99af-05531148529d/
SH256 hash:
e2b5646e959fcf2f6ed994780262e65c16cecbc9d3421ada3239f26130ebe8d1
MD5 hash:
7a13d5b7628956f87cb4f24b3e66ff5d
SHA1 hash:
5a2a3e4a70a7ef67180b6dea2273c9c3ae162f9c
Link:
https://www.unpac.me/results/b89ea686-5903-44b7-99af-05531148529d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3e8debf82b69f5842a21c7bbaf83071c7944f257843d31aad36664dc9e951fff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 3e8debf82b69f5842a21c7bbaf83071c7944f257843d31aad36664dc9e951fff

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/111233/

Comments