MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf
SHA3-384 hash: 73b9204f566c99f83ae467649cea81dd6ab941b66fde4255becea3a9b0bd17f7b20a75866a73e087f4b88ed59293d411
SHA1 hash: 19f7f2ef79be247c772dd40adbe88fe27bd7d1cb
MD5 hash: 10ee4ad3d3a3f429832fc15529f28c1f
humanhash: pluto-moon-wisconsin-mirror
File name:Past Due Invoice.exe
Download: download sample
File size:723'456 bytes
First seen:2025-08-05 13:17:14 UTC
Last seen:2025-08-07 10:33:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'604 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:5ocNO8TDb0/Tvr66bwHHwZ2K2ilHfuLQDhildcFbTwJ/W53gyDFM:2cNH0rW6bwnwo3o/uGF4xyZ
Threatray 4'198 similar samples on MalwareBazaar
TLSH T1BBF423A821AACA26D5BD97700531E73113BC4E5FE722D2878FDAFDE73616F958900381
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
29
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Past Due Invoice.exe
Verdict:
No threats detected
Analysis date:
2025-08-05 13:19:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b040bd2e-aa7d-4183-8158-cc1d99ccb843

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19008/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.31438582.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6892046711d7f9b979e59caa
Tags:
virus krypt
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 bitmap lolbin lolbin masquerade msbuild obfuscated packed packed reconnaissance regsvcs rezer0 roboski schtasks squirrel stego telegram vbc vbnet
Link:
https://www.filescan.io/uploads/68920467397fd3ce6f9d9dbc/reports/4b73b18e-ff78-4283-8ce2-dae6df82810f/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/8b09941f-af29-404e-ae6d-13c46d9e828f
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable PDB Path PE (Portable Executable) SOS: 0.28 Win 32 Exe x86
Link:
https://app.malva.re/file/10ee4ad3d3a3f429832fc15529f28c1f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf/
Verdict:
Malicious
Threat:
Trojan.MSIL.Crypt
Link:
https://tip.neiki.dev/file/569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2025-08-05 07:02:18 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
22 of 36 (61.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=k2niszqghx6vik2zl4acfopbyt6anlrmahggel6e2rql7wzip7hq._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
Similar samples:
0f35ba4092a1137650826b2cd0eff36eeb58a51c09fb1210199948a2b03a48f3
569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf
87839de578611fa6fd31f537bf3107e7b7471ee271dc458372ba6efd962f4056
908ea4e10ff30ea0fb4dd724fdb19e1f9c491b443c90cf0957ed6216ff5d800e
95ea7cad1f5295a05a2084c870724c860063568375f9ac5ea4cfcda022486915
error
f1072b6f2cef8a84384f1d3d5f64905640d41be85aa4966cbf6ada530be721ac
+ 4'188 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
discovery
Link:
https://tria.ge/reports/250805-qjh7jswjv6/
Behaviour
Program crash
System Location Discovery: System Language Discovery
SmartAssembly .NET packer
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/7e47aadc-695d-40fe-b4bf-8567473ef9ae
Unpacked files
SH256 hash:
569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf
MD5 hash:
10ee4ad3d3a3f429832fc15529f28c1f
SHA1 hash:
19f7f2ef79be247c772dd40adbe88fe27bd7d1cb
Link:
https://www.unpac.me/results/6677ef07-3773-4322-aa84-b322c95beb82/
SH256 hash:
d4d57160e5d12860bd53767cbee3d7db7f8b23eaf8bbe1c21654992e111816a4
MD5 hash:
e9d0a57288e8535e4de41efed2092434
SHA1 hash:
28185d6f833396935b71697638d796482886c93f
Link:
https://www.unpac.me/results/6677ef07-3773-4322-aa84-b322c95beb82/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 94ca56ade235c404a4cebad6fc6350e4b2473235d9918f43c0512969526f593a

Executable exe 569a8966063dfd542b595f0022b9e1c4fc06ae2c01cc622fc4d460bfdb287fcf

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/19008/
  
Dropped by
SHA256 94ca56ade235c404a4cebad6fc6350e4b2473235d9918f43c0512969526f593a
  
Dropped by
MD5 df9f18c7f7935ff56c25d906e11a7dbf

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments