MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59f6e01fdf0b28d9808e9772276b8dc308443de9ce1dc1d847c4d3fbcf8084dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 59f6e01fdf0b28d9808e9772276b8dc308443de9ce1dc1d847c4d3fbcf8084dc
SHA3-384 hash: e56491445b8b47825c6d9a58379e460a447f7aa616bf5b04eaa83a0462886d9246a5fc4cf327dbea39ec39adf3b63236
SHA1 hash: 58489b25518689e9ce25d5514e6c3695b4fab130
MD5 hash: 6a1a83e2875f9e39f5c5ad11cefb47cd
humanhash: lake-utah-gee-romeo
File name:Purchase Order.exe
Download: download sample
File size:1'099'776 bytes
First seen:2021-03-04 14:15:11 UTC
Last seen:2021-03-04 16:02:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'653 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 12288:f8IcQpc076e8mr3gU3O49phJFuFXxGFhyjIOjAskO9hsDLBc1s:0fQd8mr93T5HyjIOjAzO3sxca
Threatray 17 similar samples on MalwareBazaar
TLSH CC353A2557EC7B05E03EABB66AB0440543F9A806FF17DB4DBDC260DA2E72B118E07617
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Purchase Order.exe
Verdict:
Suspicious activity
Analysis date:
2021-03-04 14:17:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0bd349e5-fd1b-4a4b-b24a-b83adc576b5f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/122281/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36439871.6876.6799.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/628688
Signature
.NET source code contains potential unpacker
.NET source code contains very large strings
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 363320 Sample: Purchase Order.exe Startdate: 04/03/2021 Architecture: WINDOWS Score: 72 19 Multi AV Scanner detection for submitted file 2->19 21 Yara detected AntiVM_3 2->21 23 .NET source code contains potential unpacker 2->23 25 3 other signatures 2->25 6 Purchase Order.exe 3 2->6         started        process3 file4 17 C:\Users\user\...\Purchase Order.exe.log, ASCII 6->17 dropped 9 Purchase Order.exe 6->9         started        11 Purchase Order.exe 6->11         started        13 Purchase Order.exe 6->13         started        15 2 other processes 6->15 process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/59f6e01fdf0b28d9808e9772276b8dc308443de9ce1dc1d847c4d3fbcf8084dc/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-03-04 14:14:35 UTC
File Type:
PE (.Net Exe)
Extracted files:
53
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lh3oah67bmuntaeos5zco24nymeeippjzyo4dwchytj7xt4aqtoa._file
Verdict:
unknown
Similar samples:
27dcd9778b97a02454b9d43e22c188cbc7028367b311496b463a6f7d773e9f6f
29d756d4f6026e22da3178fff23fb162855ed79dbf07f51d2af6a146d0326de9
3ac127779fcb64fd5737330bc7a1e2338794cfc7c690eb01e294be6ba99f5780
4c7bd55bcf6b94c3a60d424588d02b7dea3610dcfb58da22bdcd15b1415ba7d9
5451398e91fbd3fc384a38c5e481b7e472c0ea4c7e0b7fa3ed1469150516b53a
6929b80188b24be9a55566485702e061e5ba9ed6631c205d754ad6e3b7cf6008
85f4bba0fd206324bbc2c2a3483db621caaefe63830e9f56ac03d32c8f4b2c11
a67f9172ca1a41d7403d46be868448d83c1c80a1dbdd714b4122a62470ebb00a
c4b88f2cd48afe278bcaa30561bfc0390f96ec9660f9790108b03feee44ad75b
ef77a8918ed19e4c73ba620ee2fba77e1058d8b132768ef034dc10322d560aa0
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210304-ej6xj6dztx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
f9d949d2f56c449c5d346bb93ed04d38426f563b022dd179ae330dab46682c3b
MD5 hash:
871e23d748ba756eaab5777708f250f8
SHA1 hash:
c9816d4ab38541aaab9aa3eab7cb4898d0b72e4a
Link:
https://www.unpac.me/results/ee3ac198-6500-48d5-954d-6a5dc1d264bb/
SH256 hash:
59f6e01fdf0b28d9808e9772276b8dc308443de9ce1dc1d847c4d3fbcf8084dc
MD5 hash:
6a1a83e2875f9e39f5c5ad11cefb47cd
SHA1 hash:
58489b25518689e9ce25d5514e6c3695b4fab130
Link:
https://www.unpac.me/results/ee3ac198-6500-48d5-954d-6a5dc1d264bb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/59f6e01fdf0b28d9808e9772276b8dc308443de9ce1dc1d847c4d3fbcf8084dc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/122281/

Comments