MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 681ded4187765f7257d44627a399ac03ffd9480c32204a6f72b5d172abbc907a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 681ded4187765f7257d44627a399ac03ffd9480c32204a6f72b5d172abbc907a
SHA3-384 hash: 4c113d2e87b0f60d0b1763756843dc2aa63c75f683fad35bf0878b710f3fa5d4000596ca98f8d7db8f9c8271ff19b347
SHA1 hash: 12524a46fc93e5d0c7b5e8a11440316c263a332b
MD5 hash: bd018d7c0dacf69984d8c17f47803216
humanhash: angel-lemon-golf-network
File name:bd018d7c0dacf69984d8c17f47803216.exe
Download: download sample
File size:815'616 bytes
First seen:2021-01-11 07:47:28 UTC
Last seen:2021-01-11 10:53:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:xWy1UDTAhkWBarrZuhmPUsKJ2dVSNasPjdWlg:MyjGnvZuhm/KJzPj4lg
Threatray 2 similar samples on MalwareBazaar
TLSH F70512841769E7F6DFBC07F915258814137638320A36F7CE2DC0A4EA99D9B0B0D21B6B
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
arrival notice.xlsx
Verdict:
Malicious activity
Analysis date:
2021-01-11 07:17:40 UTC
Tags:
encrypted opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/3b3e55e5-39c2-402e-837c-e4ea696638c0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111216/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.bc.19920.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/577666
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/681ded4187765f7257d44627a399ac03ffd9480c32204a6f72b5d172abbc907a/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-11 04:37:48 UTC
AV detection:
13 of 46 (28.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nao62qmhozpxev6uiyt2hgnmap75ssamgiqeu33swxixfk54sb5a._file
Verdict:
unknown
Similar samples:
5665d5a0641bf4587dbd2454029cd1e9b2f41bbb8d673c30eaa8055a5f7a4985
9f1ff6c0fb5372c126e41a41142d20908f8208a95268fdf3706286799d9e181f
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210111-bbaqyl4e9n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
681ded4187765f7257d44627a399ac03ffd9480c32204a6f72b5d172abbc907a
MD5 hash:
bd018d7c0dacf69984d8c17f47803216
SHA1 hash:
12524a46fc93e5d0c7b5e8a11440316c263a332b
Link:
https://www.unpac.me/results/1d184aff-c6ff-457e-9f4a-34383b86ca2b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/681ded4187765f7257d44627a399ac03ffd9480c32204a6f72b5d172abbc907a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 681ded4187765f7257d44627a399ac03ffd9480c32204a6f72b5d172abbc907a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/952192/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/111216/

Comments