MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4068c9a37394e76960df6bb73d88760be0371af77a12816346f241d5b1ce1233. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4068c9a37394e76960df6bb73d88760be0371af77a12816346f241d5b1ce1233
SHA3-384 hash: cb3207b5477efa7ee26a856568c5aed64e52b84ed2889965acf67c9d2097033c5d9030a48b071e18df3e8ca666d5cc36
SHA1 hash: 773ee1ed86a1a43fd69315489a8b4aea711be1e7
MD5 hash: ca9cc86fd540cf7a0149e4d440bfdaf1
humanhash: comet-papa-pizza-low
File name:ff3382b73eee7ce53fe8e146ea35d41b.exe
Download: download sample
File size:1'460'424 bytes
First seen:2021-01-18 07:38:25 UTC
Last seen:2021-01-18 10:42:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'665 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:VxY9uv8/GvVovJN3zVf+kMcds+Mp9fwBp3KikTgShsYXu:Ii8OavzVf+kBds+M76
Threatray 16 similar samples on MalwareBazaar
TLSH B4656CA85DA76E39D433275F51A4E849D3004F7827EA479673FBE7A83A036054B08DBC
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gunjimwa.com
Sending IP: 68.183.65.32
From: Rose Vu<sales.rosevn@gmail.com>
Subject: Order -6103
Attachment: file.zip (contains "ff3382b73eee7ce53fe8e146ea35d41b.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
New Iquiry.xlsm
Verdict:
Malicious activity
Analysis date:
2021-01-18 07:25:17 UTC
Tags:
macros macros-on-open loader
Link:
https://app.any.run/tasks/1670ecfc-c944-4fd6-826d-34d3dbbf24c6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112410/
Detection(s):
SecuriteInfo.com.ArtemisCA9CC86FD540.22241.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/583392
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4068c9a37394e76960df6bb73d88760be0371af77a12816346f241d5b1ce1233/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-18 03:34:07 UTC
AV detection:
7 of 46 (15.22%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ibumti3tsttwsyg7no3t3cdwbpqdogxxpijicy2g6ja5lmoocizq._file
Verdict:
unknown
Similar samples:
0213b080d6e1188df027bebfc9d5fa07d0548168997536afd0471c29be4ce75c
4b54cee8f8b2575cee216504872b9849201aea876327300a57d34f089ecdcd57
4fbea091009ae3c79eae3794ef4477055b3e8902e08a8565ef25f90489a2f08c
b8d2de495b9ec7f42b0f25b1fc532915a4378b683daafb1ecb5171624ea7a83c
c5f803db7130a7863d26ce38997bea3d62e7c166f27c878576cb482e9618a22a
e88c90bd34759e75f02ca1b3413916e7e3bab94daa1fbb540cf87cb79000164c
eba0abe9461df84c76949df2d559f66b0379cbdbd430f8db884c55d0aa469980
f1f8cbfc6921ce73c2c3668b2fded2a1bdb3cf8d5434f23090840115188fd7b9
fa7b9f85c252084827387001e3e113db0800169afc79e4f3305e0a1d3574bccd
fb1c77156c32d3643f2b21550110a48c3bbf869d2f0aa099b7400646e1fcaeb5
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210118-amp58w9wk2/
Unpacked files
SH256 hash:
bae2781324ad1cc72f0cfad1964f7d9efeaf301693c3be183922cd75ab376839
MD5 hash:
20732dd40d8c974fbb6902858e5decd3
SHA1 hash:
c572cb6068c34fbe98eac5466bbe09769df1c70a
Link:
https://www.unpac.me/results/700d3a1d-bd2f-4376-9612-9d8db1e9a7d7/
SH256 hash:
1698e29956c9e284e2da265b8045f4829f6710cbb1109505c9d3863aaf5e345d
MD5 hash:
268e9920cf1b301387d3de67815abb0c
SHA1 hash:
59e783c9596b729fbac0f2fd628bcb421fd5f41c
Link:
https://www.unpac.me/results/700d3a1d-bd2f-4376-9612-9d8db1e9a7d7/
SH256 hash:
4068c9a37394e76960df6bb73d88760be0371af77a12816346f241d5b1ce1233
MD5 hash:
ca9cc86fd540cf7a0149e4d440bfdaf1
SHA1 hash:
773ee1ed86a1a43fd69315489a8b4aea711be1e7
Link:
https://www.unpac.me/results/700d3a1d-bd2f-4376-9612-9d8db1e9a7d7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4068c9a37394e76960df6bb73d88760be0371af77a12816346f241d5b1ce1233

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

tar cc1309cca8c5ad5eb5a7712d3c40d85527e7a0fb47c0f21d8881a295fd09e10e

Executable exe 4068c9a37394e76960df6bb73d88760be0371af77a12816346f241d5b1ce1233

(this sample)

  
Dropped by
MD5 bf70deca054f5e54d330d28e559fd0a2
  
Delivery method
Distributed via e-mail attachment
  
URLhaus
https://urlhaus.abuse.ch/url/969670/
Cape
Cape
https://www.capesandbox.com/analysis/112410/
  
Dropped by
SHA256 cc1309cca8c5ad5eb5a7712d3c40d85527e7a0fb47c0f21d8881a295fd09e10e

Comments