MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cc5578e9b753897ef8d0659635de7aab82fe0e17b99caf8b622ba16b0ebb764. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4cc5578e9b753897ef8d0659635de7aab82fe0e17b99caf8b622ba16b0ebb764
SHA3-384 hash: b604938c14e3102fbe1e94e4bec0afafedee8d2db35470ef23e9cf3b11ae1b882c47742cb4b89c2acd4d705965ca262a
SHA1 hash: 9656a0a09d39a0272b1ba782f9e6bb552d99b2de
MD5 hash: 8f25a6fc4f2792fb7371652e89cde7df
humanhash: bakerloo-foxtrot-fish-pizza
File name:Purchase Order & data sheets 20.05.2020.Pdf.exe
Download: download sample
File size:471'552 bytes
First seen:2020-05-20 07:45:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 12288:ns0OyT4Mb/5oKO+DnYUYKjooJHovn3ElblvyoTu:nsUqYDnpTUgoUbHi
Threatray 993 similar samples on MalwareBazaar
TLSH D1A4E00472A5AD1BCAED40F84196E28043B493B76792F7DD8CCA71EB3AF3BD64506187
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: srvweb01.prognatus.pt
Sending IP: 151.236.32.243
From: Stefan Bärlund <nadezhda.angelova@metso.com>
Subject: PURCHASE ORDER
Attachment: Purchase Order data sheets 20.05.2020.Pdf.zip (contains "Purchase Order & data sheets 20.05.2020.Pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 08:36:43 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jtcvpdu3ou4jp34nazmwgxphvk4c7yhbpom4v6fwek5bnmhlw5sa._file
Verdict:
unknown
Similar samples:
00b85c15e241bfcd6a5a9d64029e117876da5029b60b8f4828f859277dafc6f2
41c7d6bad3849fb7c5365745b2be8678e3e8ad63d5b4e8329b1b3206c5d1adf6
654218028f797e5c401cc31242000aaa138e3eb0f8a920b850dadc2b2bf8f807
6f6e1498d9949546bc807123b5f8b8097bc9cd0c0edc29624e19d70e601cee57
a59e7a658d6a43b5e70257422319acaadb0705b28e4879ebebaa346948df9898
bd640074fe32dd3312f8e3a5641f29672e92238ad378bed4a5be5367829dd59d
c4bb2da6ebc3708faa91997e5863224a41e8f177793064728f8a0a3201da46a2
d8450acc64ddba18cda3926697f2953a4bc632607bb975a31c8dbeaa882765d0
e7a2a500165fd1abfed725fd1e51c07d0317cc5a524677bb1069fca38561ce84
fba5658815c50ae760c7baf3e1bd1bc7f3f78a7bf71066c4b4502b755b35826c
+ 983 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201109-ljqb2crb86/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip c667fa54270f2c8c4647302e0fb6ba6be114ccab2454cc9990b41903a89093e7

Executable exe 4cc5578e9b753897ef8d0659635de7aab82fe0e17b99caf8b622ba16b0ebb764

(this sample)

  
Dropped by
MD5 b18a6f7a87961548db18ce7152976e39
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c667fa54270f2c8c4647302e0fb6ba6be114ccab2454cc9990b41903a89093e7

Comments