MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ab7baf45a6925643a7510a51d38b4769f23d4b805f9773da6e66f373c497d9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ab7baf45a6925643a7510a51d38b4769f23d4b805f9773da6e66f373c497d9a
SHA3-384 hash: 2ba83ad7c3573dee6b74db0c509cfdee1dfa0c4a760e49b16d593ec71dbba889ef2dce93d1511f9fb771f63ccccb617a
SHA1 hash: 94474c2f6e1dbf9a1c76d772e420a714a88082d8
MD5 hash: b93c8aee13eae20178847d11934e292a
humanhash: speaker-butter-iowa-mike
File name:5ab7baf45a6925643a7510a51d38b4769f23d4b805f9773da6e66f373c497d9a
Download: download sample
File size:154'624 bytes
First seen:2021-01-07 13:08:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 3072:vgQDm9mcjqbN/l71vJpVZ0y13knCgmgn9ry8o05lhUqrAMgTPA1p8Dja+auDOLQb:v1imcjwxvHVZ0y1UCgVnECv
Threatray 13 similar samples on MalwareBazaar
TLSH 7AE30750EA1DACD9E7D9D1B3B93A8B101575BBDB92F880AF1265370056B37C320B7C06
Reporter madjack_red

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BTC Payment Proof pdf.exe
Verdict:
Malicious activity
Analysis date:
2021-01-07 11:18:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/47b4a7d2-000d-4d9e-a7b3-b19a321ea8bb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110819/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.6413.18876.23611.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a window
Sending a UDP request
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/575831
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 336969 Sample: aNl1MWYqYa Startdate: 07/01/2021 Architecture: WINDOWS Score: 76 38 Antivirus / Scanner detection for submitted sample 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 Machine Learning detection for sample 2->42 8 aNl1MWYqYa.exe 3 2->8         started        12 vlc.exe 2 2->12         started        14 vlc.exe 2 2->14         started        process3 file4 36 C:\Users\user\AppData\...\aNl1MWYqYa.exe.log, ASCII 8->36 dropped 44 Injects a PE file into a foreign processes 8->44 16 aNl1MWYqYa.exe 5 8->16         started        19 vlc.exe 2 12->19         started        21 vlc.exe 12->21         started        23 vlc.exe 2 14->23         started        signatures5 process6 file7 34 C:\Users\user\AppData\Roaming\...\vlc.exe, PE32 16->34 dropped 25 vlc.exe 3 16->25         started        28 powershell.exe 1 19 16->28         started        process8 signatures9 46 Antivirus detection for dropped file 25->46 48 Machine Learning detection for dropped file 25->48 50 Injects a PE file into a foreign processes 25->50 30 vlc.exe 2 25->30         started        32 conhost.exe 28->32         started        process10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5ab7baf45a6925643a7510a51d38b4769f23d4b805f9773da6e66f373c497d9a/
Threat name:
ByteCode-MSIL.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2021-01-07 11:40:00 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lk33v5c2neswiotvccsr2ofuo2pshvfyax4xopng4zxtopcjpwna._file
Verdict:
unknown
Similar samples:
05eda8f2c817ec399048cbcfed705c795be9bf403f746b37d4a073e47bd3ffd3
20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850
20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470
5b671338b81105b0b72028af87cba105472e67f019dc5c784b259b99e670c63e
ab928789224fd46229b8c5caffab8625636b7005ba793c796c0696e157da4c99
af45ff354aaf65c450cf147194b0f746243361b1385abe580ba10246fee9bd66
b1ec11ffefb1d9d29251fe84c8712c74c331d4172597f038112ecba875b38d3e
cea37cf1f7250974f023b32b47239ed4aacfdcb283cd898050e9ea6495a9c11d
ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0
f2848bb06faec26cdb7bf8df01c598641d0d73c8b7c58a7aed106e9864942cf6
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210107-3da59kce52/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
5ab7baf45a6925643a7510a51d38b4769f23d4b805f9773da6e66f373c497d9a
MD5 hash:
b93c8aee13eae20178847d11934e292a
SHA1 hash:
94474c2f6e1dbf9a1c76d772e420a714a88082d8
Link:
https://www.unpac.me/results/2195555e-376f-43f3-93a5-221580b5bff9/
SH256 hash:
b8bd4d4076c06fe25ac772dd0d0494977c0ae12d3106036818b0fb0188b0fec4
MD5 hash:
58816dfa180cf730526298f064368963
SHA1 hash:
0423abc78aa8e878870721220a9d280a775e6ff2
Link:
https://www.unpac.me/results/2195555e-376f-43f3-93a5-221580b5bff9/
SH256 hash:
5026b4d5a20d9bd7f07f111adbfdcdffa3423e83a1f5a982c1c34ad610eaa678
MD5 hash:
51aed80bd9770c6cd1f8782f1e37eeaa
SHA1 hash:
9130e5240d562529ff74c9664fa906168a11012d
Link:
https://www.unpac.me/results/2195555e-376f-43f3-93a5-221580b5bff9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5ab7baf45a6925643a7510a51d38b4769f23d4b805f9773da6e66f373c497d9a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/110819/

Comments