MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5665d5a0641bf4587dbd2454029cd1e9b2f41bbb8d673c30eaa8055a5f7a4985. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5665d5a0641bf4587dbd2454029cd1e9b2f41bbb8d673c30eaa8055a5f7a4985
SHA3-384 hash: 62d56ce053b7b0f17cb49fc00af9850c2003fd052c864ae2ec7afdba1a7ff02412e5787079534dea059f9b715c066239
SHA1 hash: 44dbb59e06e1731348d3a858605a3230e5666961
MD5 hash: 18429cbae06b28c34598acde5e6400e1
humanhash: muppet-black-ack-white
File name:18429cbae06b28c34598acde5e6400e1.exe
Download: download sample
File size:827'392 bytes
First seen:2021-01-11 07:47:43 UTC
Last seen:2021-01-11 10:53:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:+Wy1UDSXjl5X6qjCMY8+u1IsBjH8ve6s:7yX1+u1Is3
Threatray 2 similar samples on MalwareBazaar
TLSH CA051280586897FADE7C57F601B1A80713B6302A05B7E7DD2C8068FA89D5F4B4D21B6F
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
paymentnotice.xlsx
Verdict:
Malicious activity
Analysis date:
2021-01-11 07:17:41 UTC
Tags:
encrypted trojan opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/66191fbf-106c-4596-b5f1-01bf17e9d760

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111217/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.cc.7439.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/577662
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5665d5a0641bf4587dbd2454029cd1e9b2f41bbb8d673c30eaa8055a5f7a4985/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-11 07:07:24 UTC
AV detection:
13 of 46 (28.26%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
681ded4187765f7257d44627a399ac03ffd9480c32204a6f72b5d172abbc907a
9f1ff6c0fb5372c126e41a41142d20908f8208a95268fdf3706286799d9e181f
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210111-vt8194v8ms/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
5665d5a0641bf4587dbd2454029cd1e9b2f41bbb8d673c30eaa8055a5f7a4985
MD5 hash:
18429cbae06b28c34598acde5e6400e1
SHA1 hash:
44dbb59e06e1731348d3a858605a3230e5666961
Link:
https://www.unpac.me/results/7e3594db-c94d-43c7-8076-c5703eb936fa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5665d5a0641bf4587dbd2454029cd1e9b2f41bbb8d673c30eaa8055a5f7a4985

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5665d5a0641bf4587dbd2454029cd1e9b2f41bbb8d673c30eaa8055a5f7a4985

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/952193/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/111217/

Comments