MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 432f732a4ecbb86cb3dedbfa881f2733d20cbcc5958ead52823bf0967c133175. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DispCashBR


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 432f732a4ecbb86cb3dedbfa881f2733d20cbcc5958ead52823bf0967c133175
SHA3-384 hash: 9e674ad74cb983f51d4e9332747e9919d6cb8be27c42f0541ee2175ea190a2e8a73fc80a3c0c659946faaa704e00e4ad
SHA1 hash: 3cd0d6d8f8d60d92b366606c7999cb1762c8e16e
MD5 hash: 8fdb851aefab28be10e8a2c6cbb49589
humanhash: indigo-south-fifteen-white
File name:432f732a4ecbb86cb3dedbfa881f2733d20cbcc5958ead52823bf0967c133175.bin
Download: download sample
Signature DispCashBR
Create hunting rule
File size:44'549 bytes
First seen:2021-05-14 21:23:04 UTC
Last seen:2021-05-14 21:36:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5d73b1e673b0c8b899b5f2db7b59b63b (2 x DispCashBR)
ssdeep 768:u5kkt6BmyabyqNuQ0p3g71/AYz1luhLrXAAvg5OHKtad/:skkt6BmyabyqNuQ0p3g71/AYz1luhvPL
Threatray 13 similar samples on MalwareBazaar
TLSH 6313A594AFE49CE3EF0242BD54EBC27F663CF2E4C6030B46B77071792652E952AD4A05
Reporter Arkbird_SOLG
Tags:ATM DispCashBR

Intelligence

File Origin
# of uploads :
2
# of downloads :
243
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
432f732a4ecbb86cb3dedbfa881f2733d20cbcc5958ead52823bf0967c133175.bin
Verdict:
No threats detected
Analysis date:
2021-05-14 21:27:32 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c6161da7-0c15-4d17-9ead-b63708825dad

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/157166/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
bank
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/782331
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
PE file imports functions from msxfs.dll (often used by ATM malware)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/432f732a4ecbb86cb3dedbfa881f2733d20cbcc5958ead52823bf0967c133175/
Threat name:
Win32.Trojan.DispMoney
Create hunting rule
Status:
Malicious
First seen:
2021-05-01 21:22:30 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=imxxgksozo4gzm663p5iqhzhgpjazpgfswhk2uuchpyjm7atgf2q._file
Verdict:
malicious
Similar samples:
12278a4c7c9600fbe9e527388a4d96b5d29e110cf630d20ddc1efdb8f069b3c9
DispCashBR
1ae19b40a0ee8af19c35df837183c23efa7bb48bf0daf38769d2b12aaf26c255
DispCashBR
1ebbf5127ddc28f2e0e70a630acea23bf8734ea6405811b8e35c9acaca5b7174
DispCashBR
3b8dd3bc950e31064f5fe058ed3e8c25f082bef1f42e1426760cc6f8fef14821
DispCashBR
3fc60a83ef20e211458314b964dd532fa2ddedf042b508f5512b41f05f731116
DispCashBR
536db2930da96c059b10843fbb82ca8b53e3b10da458344d63c7fc5417a08fc4
DispCashBR
54f0211463fd813773ab82311eee3104c041b17a37e8c6308457294321d3587a
DispCashBR
74f7347811cf671e798e71e5efafdc0577845f97af9f0b81a9ec71fee32cb51e
DispCashBR
e9056b5596854e3473033e3b28577c83a70f1b5be20e4b1cf529688ad7591b70
DispCashBR
f40314a4c56831c08fe64721eb42a7ce52a08b25d6722343e8365327be940483
DispCashBR
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210514-d2c75mjqea/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/432f732a4ecbb86cb3dedbfa881f2733d20cbcc5958ead52823bf0967c133175

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_dispcashbr_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_dispcashbr_w0
Create hunting rule
Author:Frank Boldewin (@r3c0nst)
Description:Detects of ATM Malware DispCashBR
Reference:https://twitter.com/r3c0nst/status/1232944566208286720

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-05-14/DispCashBR/ATM_DispCashBR_May_2021_1.yara
Cape
Cape
https://www.capesandbox.com/analysis/157166/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-14 21:59:11 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0052] File System Micro-objective::Writes File
1) [C0007] Memory Micro-objective::Allocate Memory
2) [C0018] Process Micro-objective::Terminate Process