MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 592b40fc1c3b590124feccd0436ded3d577e7ab071473e2e7dfec5f248b2fe86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 592b40fc1c3b590124feccd0436ded3d577e7ab071473e2e7dfec5f248b2fe86
SHA3-384 hash: a3ad8e60022835e6ca09c87bb22d2cc4bd652f0582a2d5ec9ac9ffe6979010c7a6359735be7d4c7fb45b16761bd2fea9
SHA1 hash: 404e2f0ae02cc0904c1d70cbd45ec0f19eaa4d9a
MD5 hash: b3d2d1fbadf3c139b69282554eab24e7
humanhash: pluto-east-sierra-early
File name:Invoice202010.exe
Download: download sample
File size:16'896 bytes
First seen:2020-10-24 06:23:03 UTC
Last seen:2020-10-24 06:50:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 384:KDuelAc1SFqpI/7wbMKJNa65C4fjVI59yWa6w:OueCkSFP/7Epfa1a6w
Threatray 10 similar samples on MalwareBazaar
TLSH 0572084273F4C27ADAEE0B705D3356104AB1DB468977FF9D88D8809E0EA3B5446627B3
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/75175/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop11.32274.14875.22458.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the %temp% directory
Creating a file
Moving a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
adwa
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/508559
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Drops PE files to the startup folder
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/592b40fc1c3b590124feccd0436ded3d577e7ab071473e2e7dfec5f248b2fe86/
Threat name:
ByteCode-MSIL.Trojan.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2020-10-23 17:35:08 UTC
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=levub7a4hnmqcjh6ztieg3pnhvlx46vqofdt4lt573c7esfs72da._file
Verdict:
malicious
Similar samples:
074386a5700dfd37c1adbb4e61caf537ccd57d96c1b8fcf6cc7b27227771d600
46cad0e0ca3b2d6d9d3ce691ca2887b18abc80acf0e81799fbb290cce104c8eb
6191760cf162654877e307b82542ceaa58896d894e27b891b9d83a907d6271cd
6744cb50ec61375fecb780f86bef73a254d0fb45c5b23d0eb9ae375fa19ac4d5
7b8737c1334e0ed07632ae06bf455a47ca63ed00b8dc3633d09b028c91868405
9578c73e32a49d27b99b2114639831d359a73de4f895dd2a86cc15439e64fb8b
a6aba7b7f6eeeb871e7c58959307a260e3f20b54b7d4a174c9bc03ce4eb94a94
b1e31a390090f5cf702231368b8da3da88679c45ba9f98775ee03806dbd31f87
d620778dbbcf11e3a293aeaaebac7b6a9a02e7d8790ca5ffa59bda1e9b9632f4
e85dd1e7ab0b26928c8f917ff0849e745d975c97a9391171ea7218983e441eb3
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/201024-9gahb35st6/
Behaviour
Adds Run key to start application
Drops startup file
Unpacked files
SH256 hash:
592b40fc1c3b590124feccd0436ded3d577e7ab071473e2e7dfec5f248b2fe86
MD5 hash:
b3d2d1fbadf3c139b69282554eab24e7
SHA1 hash:
404e2f0ae02cc0904c1d70cbd45ec0f19eaa4d9a
Link:
https://www.unpac.me/results/ca4a4cec-77aa-4eeb-8a0a-d0936cd360fb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/592b40fc1c3b590124feccd0436ded3d577e7ab071473e2e7dfec5f248b2fe86

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 592b40fc1c3b590124feccd0436ded3d577e7ab071473e2e7dfec5f248b2fe86

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/75175/

Comments