MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41531a4d93d18f13b178a68669236f58a568e4db294f8205c03033761b2628e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 41531a4d93d18f13b178a68669236f58a568e4db294f8205c03033761b2628e9
SHA3-384 hash: 2e739810bd26e188b8ea9499f6eea771e9a729b836745dc50c7a9337d1825d7a1b407cba3b2fa1b3679fbea63f8bca7f
SHA1 hash: 38f93e12daf7e7e9ac1eb35ecc28bfa0dec6844e
MD5 hash: 57180d433183512a96c5a072a112c491
humanhash: nine-mountain-beer-floor
File name:INV3232844.exe
Download: download sample
File size:308'160 bytes
First seen:2020-10-15 13:06:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 1536:aVfZVtTbLBFKLPhbgsGSKkJHsQ7Wenue3pzp1pnpQpnpQpnpQpnpnpKp1pzpKpQo:aVgLPhbtsTcxghPGpjej6Hr3yw0Xj8U
Threatray 16 similar samples on MalwareBazaar
TLSH 66645ED9748CFCA9A832C63B1A8DDC5095F34DAE0763FAA02DEF92C199F65D1C845C09
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: outgoing3.jnb.host-h.net
Sending IP: 129.232.250.57
From: Jacques du Plessis <jdp@absa.africa>
Subject: Fwd: Diffrent Bank Details
Attachment: INV3232844.rar (contains "INV3232844.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71413/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window
DNS request
Sending a TCP request to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/492505
Signature
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/41531a4d93d18f13b178a68669236f58a568e4db294f8205c03033761b2628e9/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 12:02:04 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ifjrutmt2ghrhmlyu2dgsi3plcswrzg3ffhyeboagazxmgzgfduq._file
Verdict:
unknown
Similar samples:
22221b72f894bb076ead64d8e6c09daf40692586a2b9f3409d91ae72c0a001ee
448d8312f6f75248834b2d1fc2ceb91aecb488c8f54a54f6c956b1caa7482d6b
4fedda898f576336ee03b6171f90a06d6132b314d37e4ff58e1b0a5b1fdc05dc
754f418e35d948ec99839d8219eed9d6fd8a8f8e11151af62b5fd08c206c204a
86b0b53349b935048562758a34e08ae6190c67fa522e8742f60702b334625d36
a21f8b25beb919b6e0bdda1ba672e9c2ed15af1afe16dc241e94d2116ef51b75
c1fa48c0b9c81541dc2ba39db3fc1c410f6231e8df9aa69c02bdd1c8549b453a
cd095c19b8c778981def27b002f6db8236991c30a2f7bb4beec6f28f1687c65c
e7a711a237a82cd9dba1eb8407ada18fc00bcd7f510f061e8291cc18e43d3528
ebbc6c8a9394818874d649441f0644f42f52fd0aac5090212a9908b4b8889d6e
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201015-khqlpeal9j/
Behaviour
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
41531a4d93d18f13b178a68669236f58a568e4db294f8205c03033761b2628e9
MD5 hash:
57180d433183512a96c5a072a112c491
SHA1 hash:
38f93e12daf7e7e9ac1eb35ecc28bfa0dec6844e
Link:
https://www.unpac.me/results/be531aa0-a52f-4781-ac60-332268f51e19/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/41531a4d93d18f13b178a68669236f58a568e4db294f8205c03033761b2628e9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 8233be4eba5ec9f9c92882cbf33d6406f21132b250c393fe608e7714945925dd

Executable exe 41531a4d93d18f13b178a68669236f58a568e4db294f8205c03033761b2628e9

(this sample)

  
Dropped by
MD5 a1cd7a9de6390e1cb271a27d21722622
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/71413/
  
Dropped by
SHA256 8233be4eba5ec9f9c92882cbf33d6406f21132b250c393fe608e7714945925dd

Comments