MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52bbd5f868a0a36d7f3ef1d675a8553414cf5057bf2b99b871fec5bcf0720122. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52bbd5f868a0a36d7f3ef1d675a8553414cf5057bf2b99b871fec5bcf0720122
SHA3-384 hash: 5f6dd3985addbc3383130d9ae3fabd8b83f0d5bdaa7f1300add855ff863da26e7f8cd390315352c138b8759352976413
SHA1 hash: 1f6a327c4680ef6d69972250161e831d7b8c126d
MD5 hash: bcde8e2e94aff299cbef6a91b20bc728
humanhash: seven-ten-jersey-grey
File name:R810235126_FCR Forwarder Cargo Receipt - Draft.scr
Download: download sample
File size:5'189'248 bytes
First seen:2021-01-07 14:04:53 UTC
Last seen:2021-01-07 15:32:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:GYBXKZoNTLJ70MtTYE4jvobTi2zdfJWc7z3cFSSWGzzY5TcbU6:16zMSuHi2DWcUFSS1ok
Threatray 16 similar samples on MalwareBazaar
TLSH 99365C116FD3254EF2F3E17612B19ADAAF38FA7A72415A0D825D2B554C03F862F83D06
Reporter abuse_ch
Tags:scr


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.internethouse.host
Sending IP: 5.189.220.56
From: Angela.Hsu@expeditors.com <admin@internethouse.host>
Subject: Walmart OEM 01/09 結關 1*40ft 出貨通知單 (PO#4500004880) SO#3002 DATA - Revised
Attachment: R810235126_FCR Forwarder Cargo Receipt - Draft.zip (contains "R810235126_FCR Forwarder Cargo Receipt - Draft.scr")

Intelligence

File Origin
# of uploads :
2
# of downloads :
158
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
R810235126_FCR Forwarder Cargo Receipt - Draft.scr
Verdict:
Suspicious activity
Analysis date:
2021-01-07 15:03:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/100eeed6-16f7-4a5b-b931-692fda88d3e1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110838/
Detection(s):
SecuriteInfo.com.Generic.mg.bcde8e2e94aff299.10042.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Using the Windows Management Instrumentation requests
Creating a window
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/575886
Signature
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52bbd5f868a0a36d7f3ef1d675a8553414cf5057bf2b99b871fec5bcf0720122/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-07 07:54:08 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kk55l6diucrw27z66hlhlkcvgqkm6ucxx4vztodr73c3z4dsaera._file
Verdict:
unknown
Similar samples:
1a4c089443f4481e78eed6c8a58764ddc13ee9a5ce93a5f00875d525219b1d88
58909bdbe9145136b971a479fe4eb668fcf23278cd14c29b8526ef0627a5ba0f
69ed72dbf7e4439552b1e07760f02b1f005e6b6529c6666a8a971a0baa556fa8
6f96c1cc562c104cb339f346411c7b983c42ccded781115e1de67d645df9a00a
7380f791a7bb79b986dba49ba94e0f2e4a16abeccb3a7117d5acf27c3977a530
90fdc74e3611c82b05a6bba5b9864a9e21d27e04569c539a0d3f6743d4dc2e0a
961ca60cc81e38eacdf3197954394b03430b09a5613db567adfab92a3a718d0b
a21f8b25beb919b6e0bdda1ba672e9c2ed15af1afe16dc241e94d2116ef51b75
c39bdd8f7c69c3140ef920e2b1d5965310058c5fa425b871f4d7751d8291d55e
fd16b4767d7764fde593f6b7d6449ccb233c18270bf45d67edde500c5028dc94
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/210107-l8bkr1kwpe/
Behaviour
Maps connected drives based on registry
Checks BIOS information in registry
Looks for VMWare Tools registry key
Looks for VirtualBox Guest Additions in registry
Unpacked files
SH256 hash:
52bbd5f868a0a36d7f3ef1d675a8553414cf5057bf2b99b871fec5bcf0720122
MD5 hash:
bcde8e2e94aff299cbef6a91b20bc728
SHA1 hash:
1f6a327c4680ef6d69972250161e831d7b8c126d
Link:
https://www.unpac.me/results/22e6a86d-e9d2-456b-9153-447c07e8b65f/
SH256 hash:
325f4f9502e56d54fa27d8d9df60abc48417433c3857de9481287ab59a4e9a14
MD5 hash:
3c9a9c4ef51125d76e68608dd19c7571
SHA1 hash:
b24388470b30d2d531c30b39ad262e770d5db065
Link:
https://www.unpac.me/results/22e6a86d-e9d2-456b-9153-447c07e8b65f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/52bbd5f868a0a36d7f3ef1d675a8553414cf5057bf2b99b871fec5bcf0720122

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 49df3157c1960ee545e7c93985eb105f07ae494dec6eb3c078e6cfec20f76709

Executable exe 52bbd5f868a0a36d7f3ef1d675a8553414cf5057bf2b99b871fec5bcf0720122

(this sample)

  
Dropped by
MD5 179a590228b033b751cbb2c9ab4a438e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 49df3157c1960ee545e7c93985eb105f07ae494dec6eb3c078e6cfec20f76709
Cape
Cape
https://www.capesandbox.com/analysis/110838/

Comments