MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 452f6c82573df4442dc2b111140c09c86fcdb5d776487dd6d2386645b319024f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 452f6c82573df4442dc2b111140c09c86fcdb5d776487dd6d2386645b319024f
SHA3-384 hash: 40911894d406d5e20e3578518a45774d303ee054eba7d8f67ab4965197a1df3e14c6067efdadc7ce9037db6acc46ecf9
SHA1 hash: 217bc16e2c9d1cb3e51f0d18242def29595090b4
MD5 hash: b18a7e266eee1977ef3a145369589d5c
humanhash: hot-music-golf-cup
File name:Scan0029 Bankdetails pdf.exe
Download: download sample
File size:835'584 bytes
First seen:2021-05-05 08:53:30 UTC
Last seen:2021-06-07 19:21:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:g1fxhwL8mLAHefRIZtbVqrTwqEZr1z3qs6rLk2:oZyJAH/ZtxqEZrR6JA
Threatray 11 similar samples on MalwareBazaar
TLSH 73055A10CF944FB6C2CE06B5E17427152BF6DC82A69BAB8E9948F9F93C7339085141F6
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/150081/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
DNS request
Sending an HTTP GET request
Launching a process
Creating a process with a hidden window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/452f6c82573df4442dc2b111140c09c86fcdb5d776487dd6d2386645b319024f/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2021-05-05 08:54:12 UTC
AV detection:
8 of 47 (17.02%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iuxwzasxhx2eilocweiridajzbx43noxozeh3vwshbtelmyzajhq._file
Verdict:
unknown
Similar samples:
0fd2b5dba8eb6762b397cf61bd9c2ff9de3eefc8eb8c4cbb1002d1b9c96fe5d1
312c1e6a195ca210070f9fdc8e2ed8a6363bd8386047ad48ff20e36d60dae6e4
31768ba567580677ef466b1451e012d1fd35341ca7ec9692c56ecfc09c4e13fc
344ce3854299c58105065ee7c9605cb77d04669f433a6080f640fbe304c8e1df
3efb8d6a873c1553f95c6d20ef6a489530040080a837fbf7cf91108501e8fa49
5a38b12ebce12dde580da36ee1b4a5c0387f9e81f7f738c278b60d5781dad6eb
a517552827e4823129d29a86c716decae6366d7bad5d8521ba6d1fd52547147d
d8b500427918db815fb5b55eb807c8830192ea1ccd676d4a17155f4d10a1c36e
fdd6b649413776c157e7029b545d9e47a62b9decd6b2a11ca1708fd4363945a8
fe2853104646e2bd3446a2965268b953f728d3cdc941e8add4760975e2d12e86
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence spyware stealer
Link:
https://tria.ge/reports/210505-aamljrv9ks/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
39008b99d2759366c3a3323e48f552860523c25613c423936bd320ad860f102b
MD5 hash:
e7260cc8e688b41fb8306594ee820545
SHA1 hash:
92801d0fb82a5ceba4a7fd9436ae35c68d504361
Link:
https://www.unpac.me/results/1ce96f7f-cda2-4b08-a15a-bda2e2a4cb97/
SH256 hash:
34bbea772d6bc2ffb6ff879346cf025379e6b65a7e76dcb94dbe61dc588ba9fa
MD5 hash:
a12bff5e88ef00d440dc169760b797d5
SHA1 hash:
fd4f32f1a3c5f9efc34ed101661f732cfac814b0
Link:
https://www.unpac.me/results/1ce96f7f-cda2-4b08-a15a-bda2e2a4cb97/
SH256 hash:
2c3d66e8e284d8038fe53e35942c4c4a6b479d8dd5b60aa7d04af24246daf852
MD5 hash:
460e18fbfd3ff94a1f8c8fe7e2e9d32b
SHA1 hash:
e8689151d1431666375e524adf535925927e609b
Link:
https://www.unpac.me/results/1ce96f7f-cda2-4b08-a15a-bda2e2a4cb97/
SH256 hash:
452f6c82573df4442dc2b111140c09c86fcdb5d776487dd6d2386645b319024f
MD5 hash:
b18a7e266eee1977ef3a145369589d5c
SHA1 hash:
217bc16e2c9d1cb3e51f0d18242def29595090b4
Link:
https://www.unpac.me/results/1ce96f7f-cda2-4b08-a15a-bda2e2a4cb97/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/452f6c82573df4442dc2b111140c09c86fcdb5d776487dd6d2386645b319024f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Ping_Del_method_bin_mem
Create hunting rule
Author:James_inthe_box
Description:cmd ping IP nul del

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/150081/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-05 08:59:34 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0023] Execution::Install Additional Program