MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60440d081858f519028f5f24febeab4cbd9fb3a727c1833ea03ab360a050cf1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 60440d081858f519028f5f24febeab4cbd9fb3a727c1833ea03ab360a050cf1a
SHA3-384 hash: 25db03872b41d441a34385513d746b48571e5baa5d3127ffb575d5c94ad91237d8e6423c32bc6d2dd3fbb904701496bd
SHA1 hash: 0dd3fe84bd1349b0dcb4e8f81431ace37138f6eb
MD5 hash: 551c772932c3a2d9e1f145a9cc3a236e
humanhash: mississippi-fruit-july-juliet
File name: SRSPO,pdf.exe
File size: 673'048 bytes
First seen: 2020-10-09 06:33:59 UTC
Last seen: 2020-10-09 08:02:38 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'753 x AgentTesla, 19'658 x Formbook, 12'249 x SnakeKeylogger)
ssdeep: 12288:rHISARH08GyHHtlnBFmss6c61DGD1BNtqj97wkMIsDN39NRWcBXSomyijJ5FDt3V:8SUBFmss6c61DGD1BNtqj9UkMIsDN39U
Threatray: 1 similar samples on MalwareBazaar
TLSH: AAE4B39706C4A8D1E83A767FAE5448A30AFB3D72A524A0F73944B9DC6EF23C41723D45
Reporter: abuse_ch
Tags: exe


abuse_ch
Malspam distributing unidentified malware:

HELO: vps.frofr-atibu.com
Sending IP: 45.95.169.149
From: Olive Naredo <oviedo@otis.com>
Subject: Re: SRS PO#58385
Attachment: SRSPO,pdf.zip (contains "SRSPO,pdf.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 60 / 100
Signature
Binary contains a suspicious time stamp
Connects to a pastebin service (likely for C&C)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Threat name: Win32.Packed.Generic
Status: Suspicious
First seen: 2020-10-09 02:09:13 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 1/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Legitimate hosting services abused for malware hosting/C2
Unpacked files
SHA256 hash: 60440d081858f519028f5f24febeab4cbd9fb3a727c1833ea03ab360a050cf1a
MD5 hash: 551c772932c3a2d9e1f145a9cc3a236e
SHA1 hash: 0dd3fe84bd1349b0dcb4e8f81431ace37138f6eb
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 60440d081858f519028f5f24febeab4cbd9fb3a727c1833ea03ab360a050cf1a (this sample)

Delivery method: Distributed via e-mail attachment

Comments