MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5de88c3cd7bc2693f457838db811e28f744b221f074c1657cee397a0a5ae33b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5de88c3cd7bc2693f457838db811e28f744b221f074c1657cee397a0a5ae33b2
SHA3-384 hash: 3f862ec08082f40e11ad2f5aa78f0f93faf4a66e1792b59458757417581bd9a480d09e4518bbb2e050482699b7c71a68
SHA1 hash: 1e759728193a162c9862b00de29565161ffa3031
MD5 hash: e4e63bd0e98557ddcc77816ee482dc0e
humanhash: tennessee-jersey-arizona-mockingbird
File name:ARSÄ° TURÄ°ZM SANAYÄ° Order OCT 2020.scr
Download: download sample
File size:52'168 bytes
First seen:2020-10-13 10:42:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'602 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 768:jIKUbKmAlu3hlOamiyIQHCXELqHBr0nVlbCUf2h3:jIDKmAQ9mFaEOr0nVQUfy
Threatray 8 similar samples on MalwareBazaar
TLSH 11334F9DA788DE43EA79B7341ADB849102F064B3A632C365AFED1ED0F9711185E0DE07
Reporter abuse_ch
Tags:geo scr TUR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: pas0.g1economia.com
Sending IP: 45.84.196.87
From: Erdal AYDIN <offices@g1economia.com>
Subject: ARSİ TURİZM Order - OCT2020
Attachment: ARSI TURIZM SANAYI Order OCT 2020.7z (contains "ARSÄ° TURÄ°ZM SANAYÄ° Order OCT 2020.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70408/
Detection(s):
SecuriteInfo.com.Trojan.Siggen10.37032.31413.10257.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a UDP request
Creating a window
DNS request
Sending a custom TCP request
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/489562
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5de88c3cd7bc2693f457838db811e28f744b221f074c1657cee397a0a5ae33b2/
Threat name:
ByteCode-MSIL.Trojan.Masson
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 10:15:32 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lxuiypgxxqtjh5cxqog3qepcr52ewiq7a5gbmv6o4ol2bjnogoza._file
Verdict:
unknown
Similar samples:
03811aadd6602954413ae6ed4bcddc6faa77172cbdc58639d060ebb3e875ce3e
0f014ffb0f5d6c1d60604f77036406bab647d0eec541be614a604160c202c3ab
1f5cc3d14ed7d3dfd62362cc4c50d6839227fac3342b83e2fbce1e92841eb260
2ed611befc2af97a0bf7bada7f7b53d4f625f99620983252455e675d22021bc6
3b186df707073ee060879549b75f11e1cad4c225d2dc4d0c3d290e9fd29517a8
95c37518f5a88778d1faad771fcbdc5d1a0e816b9e9b8cd7763a258f5445d79a
9f2db3c39e19066111590682924d0c124e83b13c1acebca4059722d8e7fc649c
f4c535616a04819e9553cb3dbac66db0021065fb89a5e5c799c0b4eb301fb582
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-59rmdvnc1e/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
5de88c3cd7bc2693f457838db811e28f744b221f074c1657cee397a0a5ae33b2
MD5 hash:
e4e63bd0e98557ddcc77816ee482dc0e
SHA1 hash:
1e759728193a162c9862b00de29565161ffa3031
Link:
https://www.unpac.me/results/bba7b3d1-97a8-4deb-aed5-ff739cb79919/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5de88c3cd7bc2693f457838db811e28f744b221f074c1657cee397a0a5ae33b2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z f7bf24c16aa24c508c9b8e6793b310853d8ce227840eb390c0ab8486e57f729b

Executable exe 5de88c3cd7bc2693f457838db811e28f744b221f074c1657cee397a0a5ae33b2

(this sample)

  
Dropped by
MD5 20dea285af225b05519ec6d299df141d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70408/
  
Dropped by
SHA256 f7bf24c16aa24c508c9b8e6793b310853d8ce227840eb390c0ab8486e57f729b

Comments