MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52e6a6e33537e0c11e0c775d6fae8755218bfa244d04d108224d1fca254dbb78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52e6a6e33537e0c11e0c775d6fae8755218bfa244d04d108224d1fca254dbb78
SHA3-384 hash: d6542f9e5610ba28fb15f7e020a070c194e46dd79ac095dd78b4186f1ca0dceed325ac030bb0359f45cdb43b7a096f7a
SHA1 hash: 62c15edfa886f6c045730c915f26213b33266680
MD5 hash: e23dbdff5405be251ba15ec308d62aad
humanhash: spring-comet-two-bakerloo
File name:BENZ.exe
Download: download sample
File size:386'760 bytes
First seen:2020-10-27 14:25:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:v078n/o5bNc3qzmc1AbrwQApaVPcHuLLmOnmZQXVd9aQqHe+qDkdd4gTU:v078/Ypc3GmeAAWVPcHu3wo3aQqHe+qj
Threatray 37 similar samples on MalwareBazaar
TLSH 6B84F1067A817C05E39A03350A8BD9343BE1DBF14E32858EAD65A11CCA8F3D67D9D5CB
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: hjorth nielsen <hjorth-nielsen@tdcadsl.dk>
Reply-To: hjorth-nielsen@tdcadsl.dk
Subject: Q220-1676-1 - EL MAGD - Additional Equipment For Existing Feed Mill Plant
Attachment: Q220-1676-1.IMG (contains "BENZ.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/79955/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/513761
Signature
.NET source code references suspicious native API functions
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52e6a6e33537e0c11e0c775d6fae8755218bfa244d04d108224d1fca254dbb78/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-27 14:04:21 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kltknyzvg7qmchqmo5ow7luhkuqyx6rejucnccbcjup4ujknxn4a._file
Verdict:
unknown
Similar samples:
1c9cc96764b3d174a74e6988d487fda390a3d960c2799efb0cdc3382f9f7fac7
1f5cc3d14ed7d3dfd62362cc4c50d6839227fac3342b83e2fbce1e92841eb260
23442a0197aaded817ffc066a68d04db162abb15bd4c560cae030ebeb19b2c2e
5de88c3cd7bc2693f457838db811e28f744b221f074c1657cee397a0a5ae33b2
6dbd3f42bf990db55372e1e01a3ddb4dbbdf3051fa01492bca882dbc023bb71a
703aadea111eae71a7dfb3f2c63c4522b4edd138033fef221295f74d3509e10a
705359998910a71e56cde4f359ad4ae767d0182b45f46615ebcbaa969fe5c5c5
774fa620be98d94c8530d9c5e50e48c7595271fb911753b1c16d33dad1bc141d
ca60958a09d1cd5817504857d90b846a9ce6f6ee1bed7686318b3741108b709c
e9fe333b16d9d8f92248691f466ff758562fe434e801be39834023f4492103e3
+ 27 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201027-e7mmnh5lyn/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/52e6a6e33537e0c11e0c775d6fae8755218bfa244d04d108224d1fca254dbb78

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ec25e7f1fefbc8a7f9ccf75735ce119b

Executable exe 52e6a6e33537e0c11e0c775d6fae8755218bfa244d04d108224d1fca254dbb78

(this sample)

  
Dropped by
MD5 ec25e7f1fefbc8a7f9ccf75735ce119b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/79955/

Comments