MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4258a38905ee530024eff46d8d6d4b4a40d2a875d3cb2d1ad0d1aab4ad7ca44d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4258a38905ee530024eff46d8d6d4b4a40d2a875d3cb2d1ad0d1aab4ad7ca44d
SHA3-384 hash: d7eb396f29cc446729558cd0cf2898183d9e981bb4cd21ad8960cd43c322a96425fbd47745c7f016f05292f1a9674fb7
SHA1 hash: 2b7d3ffa98661601eebf8f8aa73d5c4207f2ce5b
MD5 hash: 873e6589a3dfa4aa829f7fe39a1fe4c3
humanhash: mexico-princess-hydrogen-coffee
File name:enquiry #311220.bat
Download: download sample
File size:4'339'968 bytes
First seen:2020-12-31 07:51:24 UTC
Last seen:2020-12-31 09:41:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 1536:3cjivk+6ffCTxeab4hUnJ+BdJV6CfrKU5fkGHXVxwCUY0bLkuEppVuo0ZzSprD9R:sj2k+WAJb4OnJ+l9Dv
Threatray 118 similar samples on MalwareBazaar
TLSH 35160D116FD3254EF2F3E07612B19AD6AF38FA7A72845A1D825D2B550C03F862F83D16
Reporter abuse_ch
Tags:bat Endurance


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: qproxy2.mail.unifiedlayer.com
Sending IP: 69.89.16.161
From: Kaizer Edward<kaizerward@outlook.com>
Subject: AW: WG: Purchase Order sent from Tetra Pak Trading Shanghai Co Ltd via OneDrive, check
Attachment: enquiry 311220.7z (contains "enquiry #311220.bat")

Intelligence

File Origin
# of uploads :
2
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
enquiry #311220.bat
Verdict:
No threats detected
Analysis date:
2020-12-31 16:16:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fe0ad62e-8f49-485b-bc14-0ab484abbfe0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110194/
Detection(s):
SecuriteInfo.com.Generic.mg.873e6589a3dfa4aa.28608.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/572511
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4258a38905ee530024eff46d8d6d4b4a40d2a875d3cb2d1ad0d1aab4ad7ca44d/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ijmkhcif5zjqajhp6rwy23kljjanfkdv2pfs2gwq2gvljll4urgq._file
Verdict:
unknown
Similar samples:
01272f17eba824214acfce5be4a4408023d7ba710488da14f8296eea90a3a3fd
1069419faac2c4882be82f4887684652184d9a974a2bc7cf9444d80bfb0350f8
25ef2158460a1be27e3c1974883ada170bd1ccd66c270bf05c36f6b8e758a50e
3ad6ce8aaf456bd0cfd4ea3f7be02d9d08b5e74249e1bb49be61ff58ed61f675
483ceb8e56d7a31cab2e789ddb77c34107700904d40a0dcf60552b56a4c3e911
883cd4d75f7b0276880dce818338ff51790f28cdf753096fdf63190804a12aa4
a9d71566da6b4e33603f4f78443bf0029c479516504789e017d546eb4c4167e8
ba41a55277d31931ded743f6d9a984d0a22e7f6c79f753da9493929d1942cbc8
c18f07d962d9753b946c6aa1b3af535f55c3cdc15e55fa647546a4cfd09796ca
dd7f0e91b03b789878c81bc9677686df20e858989c69ee2002e90cc86e033c6b
+ 108 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201231-jx68y59p3a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
4258a38905ee530024eff46d8d6d4b4a40d2a875d3cb2d1ad0d1aab4ad7ca44d
MD5 hash:
873e6589a3dfa4aa829f7fe39a1fe4c3
SHA1 hash:
2b7d3ffa98661601eebf8f8aa73d5c4207f2ce5b
Link:
https://www.unpac.me/results/177711ec-7ee5-4c61-8b0f-1570bd3458b3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4258a38905ee530024eff46d8d6d4b4a40d2a875d3cb2d1ad0d1aab4ad7ca44d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z e3d9dc98e0d91bf5849acbf6f3903a0a8f70625a2cdb658b406216d728fecc2a

Executable exe 4258a38905ee530024eff46d8d6d4b4a40d2a875d3cb2d1ad0d1aab4ad7ca44d

(this sample)

  
Dropped by
MD5 9b378dc57e64a17bdd379a428f54b513
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e3d9dc98e0d91bf5849acbf6f3903a0a8f70625a2cdb658b406216d728fecc2a
Cape
Cape
https://www.capesandbox.com/analysis/110194/

Comments