MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54ea0b0567e7fcbd6f0a0a179f607d901f597c682627958d0d76e7d7460b148b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54ea0b0567e7fcbd6f0a0a179f607d901f597c682627958d0d76e7d7460b148b
SHA3-384 hash: 63478be445b2c2061659b1fa69dedb5107ee466ffba5cea15ff26e3333166edbfe9cd4e2a1325f562eafebb8134fd44a
SHA1 hash: 88d03fed1da8ab48f7aa47bd6ee57efc9f5e0588
MD5 hash: d12953f6b9c88a9e5d61368cff50b421
humanhash: kilo-jig-football-network
File name:PR200701149.exe
Download: download sample
File size:960'000 bytes
First seen:2020-10-07 05:05:56 UTC
Last seen:2020-10-07 06:24:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'471 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:Q3cvbfTPSidhn+a+Gku18Kv4XNCrc+wM7hQJKfw6f2s1czxCBQ3JiIsOS9kA13Gy:QqPSEB+a/eQ4rQhQ0o6f2s1iCBMi
Threatray 35 similar samples on MalwareBazaar
TLSH 0915389C365075DFC857CD76CAA81C64EA6078BB930BD203A05326ED9A1DA9BCF144F3
Reporter abuse_ch
Tags:exe Strato


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mo4-p04-ob.smtp.rzone.de
Sending IP: 85.215.255.124
From: Greg Kemp <info@assag.de>
Subject: FW : Swift
Attachment: PR200701149.gz (contains "PR200701149.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/68774/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching a process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/483655
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/54ea0b0567e7fcbd6f0a0a179f607d901f597c682627958d0d76e7d7460b148b/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 02:10:16 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ktvawblh476l23ykbilz6yd5sapvs7dieytzldino3t5orqlcsfq._file
Verdict:
unknown
Similar samples:
04a908a9e407549cb834e945f0afb49da90f7581bda7e2d2cd3871a55997d53b
2a44717f99e2446d315027f4cd90bfca21e77fcba2811ec556b1193de98b7d38
728a12188dfcce9be20353d6c8e3dd57ad1930da9fd38831a2ef0e4221fea8cc
7fb4fba53288857c2bf2e1c131dfa280964585937924fbc7c0a13d4aa330547b
9b9c7c9bf796b2bccdc9a9ec430d4b4f7731d6b611a0b65f522e3517cc5a9e22
a1e30a2a09896194a7b457401dd3a9b405b53aeea17a21ca6b99b2e8da5e2876
b7b4af9f7bfdc37f2aa79f19388f9077b3e1f88ab9d0d6211401f47f7d7105dc
bcc01bd327ae6f2ee592bb5e669ffad780cc6d8c820459cb312b93d3344bc396
f34c4cad829d7f44f730d66e9be8571c4d69b55487e5b7fb00a60ed8094d00ba
fdbabd420775b48fa947299b0b606cd83ffe578a64a85dafde748f72c12a11d0
+ 25 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201007-9q1nmg4h3x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
54ea0b0567e7fcbd6f0a0a179f607d901f597c682627958d0d76e7d7460b148b
MD5 hash:
d12953f6b9c88a9e5d61368cff50b421
SHA1 hash:
88d03fed1da8ab48f7aa47bd6ee57efc9f5e0588
Link:
https://www.unpac.me/results/75fc63ec-3917-4cf7-b803-d2d59897be47/
SH256 hash:
607f04646c9f16f7c23fa69d4b8f660fc7c44d40e4f73a0c70a2b315debdaa8b
MD5 hash:
a90baadadf904455325f7bc787185c7b
SHA1 hash:
7d833bb819d638008c98be469b05db2feaf201cd
Link:
https://www.unpac.me/results/75fc63ec-3917-4cf7-b803-d2d59897be47/
SH256 hash:
c66a88a6056735de3dede38675914ade9062d95d22e49ec27e92ee40e8e2d025
MD5 hash:
991cece4baea7cc6c706ff0b49222f23
SHA1 hash:
be5607431d7269ca77d721420127e8b4623f95e8
Link:
https://www.unpac.me/results/75fc63ec-3917-4cf7-b803-d2d59897be47/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/54ea0b0567e7fcbd6f0a0a179f607d901f597c682627958d0d76e7d7460b148b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz ad1819361e422b34b3d0abbfe142783258374f3eb4e4a80c219832433f5cefbd

Executable exe 54ea0b0567e7fcbd6f0a0a179f607d901f597c682627958d0d76e7d7460b148b

(this sample)

  
Dropped by
MD5 5de937d941caad207560aa31ffda9e01
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/68774/
  
Dropped by
SHA256 ad1819361e422b34b3d0abbfe142783258374f3eb4e4a80c219832433f5cefbd

Comments