MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e535e14d9c68eeead0a2b8067ba00220f65457edfbab0a83d8654f2d1f4cf47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	5e535e14d9c68eeead0a2b8067ba00220f65457edfbab0a83d8654f2d1f4cf47
SHA3-384 hash:	25d968edb5328fafa31900794b33b427a3f0673f995c9fb3c879fc56f1539084d48955299489c9404db3a26671bc039a
SHA1 hash:	f7fbbccd30af67d13400031d36c80ea1176318ec
MD5 hash:	838488cba2335ebd36779c79b892a04f
humanhash:	east-whiskey-connecticut-pizza
File name:	h5521CZBe30yV4B.exe
Download:	download sample
File size:	677'888 bytes
First seen:	2020-10-15 10:55:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'751 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep	12288:sODlMxPm2orX+vHIA40D82WjTVElwkApl94CGBom1r352GnQgmQ:5jX+vIEDWjTzzDTGBoErJ2S
Threatray	36 similar samples on MalwareBazaar
TLSH	76E4BF785EB05E6BDAB82175820021B346F69ED32552F6A53FD93CC9B2FCB0B0392517
Reporter	abuse_ch
Tags:	exe

abuse_ch

Malspam distributing unidentified malware:

HELO: ns3022570.ip-51-254-199.eu
Sending IP: 51.254.199.53
From: effactura.placo@saint-gobain.com
Subject: SG–Placo-eFactura 8342027482_2001998_(20201014)
Attachment: 8342027482.rar (contains "h5521CZBe30yV4B.exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

70

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/71262/

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Launching the default Windows debugger (dwwin.exe)

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/492156

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5e535e14d9c68eeead0a2b8067ba00220f65457edfbab0a83d8654f2d1f4cf47/

Threat name:

ByteCode-MSIL.Trojan.Perseus

Status:

Malicious

First seen:

2020-10-14 19:57:12 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lzjv4fgzy2ho5likfoagpoqaeihwkrl6365lbkb5qzkpfupuz5dq._file

Verdict:

unknown

Similar samples:

246156633ce2b7891473519e7f2063b3d547239ab864a566b6901d3a45ae86c8

489daeea6bc3472ed4d59ecd6127bf14ed8c1c0ed7ae00fafaa743dbccc6ce30

6d709ab6cce6661ebf8fc4002246819cb68d17267e029d89c82b19a0813690dc

6f28f66d9d9638be7828926fac666ff4724027366a31ca454ed308d7f4a8de34

729796b31a6652d6ce3b87112b30cfd4ec5f7e8761b35fe1b16e39b6d12f3ea2

8856115ff84f922ec77286b5a195e76dc4c256dbbd4b88aaa78da7946cc1d34d

9b15e8de32a6f88828b2aa5db114fb36ff5428f09743a50e5cf2253898391890

aad062703533358273299324df3738ee62dfda076423e7e7dac5d115571b21b8

d6c304baeef98f5b98d97a5e047c7cadffbd4555cf662cc82644edd40f806d2c

f27b68a5d1e9ac718477e9aa09eb432f12db760572ac59e8715caaaf74035dfe

+ 26 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/201015-by2pcq5d62/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

5e535e14d9c68eeead0a2b8067ba00220f65457edfbab0a83d8654f2d1f4cf47

MD5 hash:

838488cba2335ebd36779c79b892a04f

SHA1 hash:

f7fbbccd30af67d13400031d36c80ea1176318ec

Link:

https://www.unpac.me/results/c9de1030-233c-4903-9340-d0235675198f/

SH256 hash:

01dd844990e0c5fdcea0f88712253aa1ef4750316f0734ab7099306170b5ea2a

MD5 hash:

eb593633270aa19162cf64663df9dd6c

SHA1 hash:

2ec57181471ff10abe9a04239ca3ea86ea4252b9

Link:

https://www.unpac.me/results/c9de1030-233c-4903-9340-d0235675198f/

SH256 hash:

74d087ac8231edea53a1b2c25a96591e68e262a93425fc8091946ae2b00e128b

MD5 hash:

a3e2bf29b396847301c53ac9d62e3eff

SHA1 hash:

cc5bc807154c1838f86b505770f3eb6c4aa2bd05

Link:

https://www.unpac.me/results/c9de1030-233c-4903-9340-d0235675198f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5e535e14d9c68eeead0a2b8067ba00220f65457edfbab0a83d8654f2d1f4cf47

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar b115f4f7ae44a67f1f0f5c4c065e8d219f88316dbbddcb4d539a85d22e2444fd

exe 5e535e14d9c68eeead0a2b8067ba00220f65457edfbab0a83d8654f2d1f4cf47

(this sample)

Dropped by

MD5 5bc6c916ef468a08cbe6e978b4a764d3

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/71262/

Dropped by

SHA256 b115f4f7ae44a67f1f0f5c4c065e8d219f88316dbbddcb4d539a85d22e2444fd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample