MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62432e5c18aca2d5cfb32de2cba3d79b0de60b72d8930b31e450a8d975a0095b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62432e5c18aca2d5cfb32de2cba3d79b0de60b72d8930b31e450a8d975a0095b
SHA3-384 hash: eba368ccd117c4b1aac3cd4a6075372956bdfd11dab691a288c9e65ec4cc4c299079e10b39f3bc692f394164a87ee79a
SHA1 hash: 63c83861343d766e7a6fc3e9c4fbe26ec1944f23
MD5 hash: 6130c5d9362a0a16a133ef98bd8e1e61
humanhash: mockingbird-nebraska-twenty-fanta
File name:Confirm Invoice RFQ-00032.exe
Download: download sample
File size:965'120 bytes
First seen:2021-04-25 10:12:41 UTC
Last seen:2021-04-25 10:58:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'610 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:XOT/xAiDrg6AJueg4U+0XwsQIuovsW6tJ:Y/mibAYK0XwszJ6tJ
Threatray 10 similar samples on MalwareBazaar
TLSH 2C259B032ED4DA8CF5E90A3D14FD00223FA7D9C2080EAFCA59C7B7AD15E1546F922A57
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
132
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Confirm Invoice RFQ-00032.exe
Verdict:
No threats detected
Analysis date:
2021-04-25 10:18:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6ecaca41-8320-4ec6-a191-5765d5b79337

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/144079/
Detection(s):
SecuriteInfo.com.Artemis6130C5D9362A.4216.17506.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
24 / 100
Link:
https://www.joesandbox.com/analysis/697000
Signature
Initial sample is a PE file and has a suspicious name
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/62432e5c18aca2d5cfb32de2cba3d79b0de60b72d8930b31e450a8d975a0095b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-25 10:13:11 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mjbs4xayvsrnlt5tfxrmxi6xtmg6mc3s3cjqwmpekcuns5nabfnq._file
Verdict:
unknown
Similar samples:
1a2a8493be747f95ae9b75bde24fc098fa7c83ec0c16be5c65eeedca264a361a
28923e4a9c0a58473ee83f8ce9f09194bdbcf67d6e7ebae1151bf16bb4955f19
3cdf63d5741d54b8749990c5285ed1c521d9e2bfffe61dbf596fb0a5534a0703
a14908b0d11d6602c585b370d9e84736fc4aa34d7120ca5595beb6407a18bf9a
a54e20931a26b860ec76f21d8b24ebc8a20afccc5be8abd5b9de43f120518e75
d17375a4f18beb4ea9d4025561d47ea3cb1fdd1f83d636f6b4d5fffd1c4a0980
def2ee23d3a774c09575c9918cf9f5783339850ff9a150bc2cedf81028107fa6
dfff6768cd44b788ebf3e6a31d5b142d6f5ff7ea2fe7f3cd31640ace304dda6e
e69749b22ac748db61a34128d613965a56d372d06228b8cbd0ad435c3e046f39
ecc540938addc1a440ef6ceb7714a0b45153c04c28df4395e3de18181439341a
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210425-cjqlkk5cz2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
62432e5c18aca2d5cfb32de2cba3d79b0de60b72d8930b31e450a8d975a0095b
MD5 hash:
6130c5d9362a0a16a133ef98bd8e1e61
SHA1 hash:
63c83861343d766e7a6fc3e9c4fbe26ec1944f23
Link:
https://www.unpac.me/results/819f0bcc-9696-48f4-97ab-9d6a94b60498/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/144079/

Comments