MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 449a93661001189b1d958ae01a55ea864f31dcd71fd169d1b88f6120fcd7578b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	449a93661001189b1d958ae01a55ea864f31dcd71fd169d1b88f6120fcd7578b
SHA3-384 hash:	c61d5e6945f942fb0c115798a56685e251b93c2b84b8ca1a99cf70f9b65100ed33a3b60a30f36a617fade6c76ad0fd9a
SHA1 hash:	14580fbd3b5f694bde3d7f62f1f6a6c429ffb1ee
MD5 hash:	df93fec7081cc0e9a4ca6fa39e2b3e53
humanhash:	river-september-alaska-maine
File name:	kj3MSV07dwSZB9K.exe
Download:	download sample
File size:	776'704 bytes
First seen:	2020-10-07 05:11:42 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'603 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	12288:VKvVPcGf4PVfcYdcD6wYifDTdsdTFR52fiCrDKlbrR3zoFBFxL5KGzd88k9byf4l:YvVPcGfaVUhDZdu29rqrR+LT88kGfdsz
Threatray	12 similar samples on MalwareBazaar
TLSH	99F412102295976EE46D877D0172106603F5F82997B7E60CBFEAC4EA5D13BC88772AC3
Reporter	abuse_ch
Tags:	exe

abuse_ch

Malspam distributing unidentified malware:

HELO: hosting.hamazakiwong.com
Sending IP: 67.231.28.151
From: Global Resources <support@natureagency.org>
Subject: List of Fake Indian and Chinese Companies
Attachment: Fake Company List.img (contains "kj3MSV07dwSZB9K.exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

104

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68789/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Launching the default Windows debugger (dwwin.exe)

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/483699

Signature

Binary contains a suspicious time stamp

Machine Learning detection for sample

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/449a93661001189b1d958ae01a55ea864f31dcd71fd169d1b88f6120fcd7578b/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-10-07 02:13:42 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=isnjgzqqaemjwhmvrlqbuvpkqzhtdxgxd7iwtunyr5qsb7gxk6fq._file

Verdict:

unknown

Similar samples:

26243c83c8f1bff909e68c8f2d928c626c78f43987e49cae0b8c2f78a63652f9

4e2611cf16e38e3408539cbdb204ab846229f2f4e06352b2031b7336179811bf

5f7c84c5a62c4603069eada6e50059cc6e2a6cf7ab8be1281e04a7501667a074

6f3b823d339fb8ae56dc4fd98744533b6df2384c617289712d9c8fa9659f6bce

8a571569462613ad58e4b10d9fc396e496721ab5747160224bf6f7b335755958

9ac5f5f0d1ff8fb95c1586059a20596cbcb04c4bde70c5d753798d4fae6f9837

bd69bf1e3557175c857559ec3963239bd25143262f95b6a425da5fcd70159bc2

c746707553e9ce0ae1b309293151033a32f8f5fc560bcb5ba7d1d467a00d909e

de63dad91264010f951f169683aa6527225433cd645d564dd150bbf30c4ad3da

e3ecf3cf9049f650a5648fc86e2af3de5bf77a4909d242677e71eb3aa511c9cb

+ 2 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/201007-eavts6bq7e/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

449a93661001189b1d958ae01a55ea864f31dcd71fd169d1b88f6120fcd7578b

MD5 hash:

df93fec7081cc0e9a4ca6fa39e2b3e53

SHA1 hash:

14580fbd3b5f694bde3d7f62f1f6a6c429ffb1ee

Link:

https://www.unpac.me/results/9aa397b6-b561-4d96-9cba-da501d3df0f3/

SH256 hash:

13b24d3a09d099dabe41cd6cd71607a77e14640b1e9b4ed2d60f6c012f191c43

MD5 hash:

109cedae3c384a1913107f1efad2b7c8

SHA1 hash:

1f7f35b0ed85fa12bb839cbce698e59a30813420

Link:

https://www.unpac.me/results/9aa397b6-b561-4d96-9cba-da501d3df0f3/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.48

Link:

https://yomi.yoroi.company/submissions/449a93661001189b1d958ae01a55ea864f31dcd71fd169d1b88f6120fcd7578b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img 38a9800974ba1cd5eab294baec96c63e9a4731d8de7dd5815f608592e2bc6f69

exe 449a93661001189b1d958ae01a55ea864f31dcd71fd169d1b88f6120fcd7578b

(this sample)

Dropped by

MD5 13c10701830ef71078f8aabeffa01159

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/68789/

Dropped by

SHA256 38a9800974ba1cd5eab294baec96c63e9a4731d8de7dd5815f608592e2bc6f69

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample