MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 400613ea1e4f8a22b1f5ed70e9baca60448af46cfbd70ca6f5ec6b74af5e9fe0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 400613ea1e4f8a22b1f5ed70e9baca60448af46cfbd70ca6f5ec6b74af5e9fe0
SHA3-384 hash: 21bcdeb76608cb29e57e2c5f97808ea1007d8ab84ff6c01c6a6017040a804be82d10e57af72130361c169070826bb0cf
SHA1 hash: ded2565147d3715353ee71453430460270bfd118
MD5 hash: 19739b65cebd4d6b17c8775b1973329a
humanhash: fish-cardinal-spaghetti-mexico
File name:Shipment address.exe
Download: download sample
File size:963'584 bytes
First seen:2020-10-19 09:52:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:rsF/Kv/WF0ai7N1eIA4ckkkPhMC+Eg5jRT1K:Yk/WmXR1eIA4NkUMC+EgNRT
Threatray 10 similar samples on MalwareBazaar
TLSH 44252315ABA8CD32D3A699B7965C411B2A305DE32030EBF6EED835D1CF6B9802D051F7
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: dd24812.kasserver.com
Sending IP: 85.13.146.44
From: Quality Engineering Products <info@badrenovierung-ehmann.de>
Reply-To: snambrath.almandoos@bk.ru
Subject: Re: Payments - October Invoices
Attachment: Shipment address.zip (contains "Shipment address.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/72839/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.dc.10769.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/495158
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/400613ea1e4f8a22b1f5ed70e9baca60448af46cfbd70ca6f5ec6b74af5e9fe0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-19 05:08:59 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iadbh2q6j6fcfmpv5vyotowkmbciv5dm7plqzjxv5rvxjl26t7qa._file
Verdict:
unknown
Similar samples:
32635286140f13f1690c483c2a06bacc67990427515f37a6cf2d93c8a30db5e9
4a024542511c7d0a40e8317486b7177eaf71ee355f1731f17bc632731ea814b0
5a418e084b49b740a94d307baf45d67ac25db462fdeb80065fb60ffeb197273f
5b5a1a7507d3758b05be55fb8218911b700fb933750fb310b454680e580fc58a
6536526fa3203e5eb97977b6b5448f8b44053d7739147a672ebf8a249c9260ea
7cd9624b6ba4422a372ba8d01bf1287ec10abe7b5d658d40fda20a07344e906c
a183a94f7c049de1770e76be272a29e0ec7b3b4344ef5c4dc2fe9ddd5962b5bd
b4b5110b2babce8946d262e6f75215f1c7a6f036eeb3eda5223b9430d5235d46
c169469e2e32039ff3830a8e17bad2444a876e96935b6d925cb2d07353c804c5
f72a7401885bd2c5ef7ac79407e2f5b803e475b4fdb598207a103c908e63179f
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201019-m9bb4whddn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
400613ea1e4f8a22b1f5ed70e9baca60448af46cfbd70ca6f5ec6b74af5e9fe0
MD5 hash:
19739b65cebd4d6b17c8775b1973329a
SHA1 hash:
ded2565147d3715353ee71453430460270bfd118
Link:
https://www.unpac.me/results/45024edd-a64a-43fa-9e18-c9ee8c03be79/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/400613ea1e4f8a22b1f5ed70e9baca60448af46cfbd70ca6f5ec6b74af5e9fe0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 921bb80424a4deeae9b27010d7ec64f138417d35796bb6fd928480ed169c9741

Executable exe 400613ea1e4f8a22b1f5ed70e9baca60448af46cfbd70ca6f5ec6b74af5e9fe0

(this sample)

  
Dropped by
MD5 5eecfc1254cd46b2d2943a639fa728a9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/72839/
  
Dropped by
SHA256 921bb80424a4deeae9b27010d7ec64f138417d35796bb6fd928480ed169c9741

Comments