MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cebc20609d3d9a4f39599787371113c70cc5553f1d15555af232e557c2aacab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6cebc20609d3d9a4f39599787371113c70cc5553f1d15555af232e557c2aacab
SHA3-384 hash: 865f6b5bbb2d75ddacc3efc2e945a6b3bdb077a9fc44c460975175de3506a1590150ea57e23cad3979db7abdc3a79a9a
SHA1 hash: fe887cf86863e19ee95499388ed5c681d64359f2
MD5 hash: 69f74d98c1528c113f9bb02b1494aa76
humanhash: two-oscar-nevada-oranges
File name:PAYMENT SWIFT _EXPORT0041323 SCAN DOC.exe
Download: download sample
File size:1'005'056 bytes
First seen:2020-11-04 09:43:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e84ad2fcdc8258e8b185201ca744213f
ssdeep 24576:iQTCo386FXokHD18aTnVVMMY6LkZptutkx3:ie1htRJI6gDstC3
Threatray 664 similar samples on MalwareBazaar
TLSH 1225AE22F2904837D1B32A3F8C1B93A5982ABE713D2859463BE51E7C5F396817C253D7
Reporter theDark3d
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/82696/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Changing a file
Launching a process
Sending a UDP request
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/519994
Signature
Allocates memory in foreign processes
Contains functionality to detect sleep reduction / modifications
Delayed program exit found
Drops VBS files to the startup folder
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Sigma detected: Drops script at startup location
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6cebc20609d3d9a4f39599787371113c70cc5553f1d15555af232e557c2aacab/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-04 09:45:06 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
0e3ea9144ee0c548a7928e5f8511c459972e5b6dd3e706b59677df8d10825c8b
14460141625dd22787e0240e169ba782d157f760a0a01670847e3dc8c0919634
404a8a0adbd4a85e364eb3083b802c19282bfd1cb34a74ca257141db1fca34bb
498a82ce3b34b5db478f98574a168fa0bc53d389e50463cb0a8b76bb5b4314d5
4aeded46b92aeea959a9f7f8315dae9d9ddd3725cb6ff0a01df1820e11ebd2a2
7c94006b4e0347aa48450081134777310805b9f97dd417aae7874f5668d4b208
7ff0b93f3ac5f3acfe8f9718a8c6d0828e65f39e08cee553312cd24d8aed6dd1
98b586cd2517a8296335f30e0e363ab72b047d10e50cec33f41ed93b6b492ca6
9de1f44fb966c4d5a8877059a530b2dd4eb01228b0ea52a78ac43df28140315b
e386d4d99d65ec52f0a9d504a2e8fdfe92309a2a81e6dcfbf5037afc01a1e618
+ 654 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201104-kek98lc96s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
Drops startup file
Unpacked files
SH256 hash:
6cebc20609d3d9a4f39599787371113c70cc5553f1d15555af232e557c2aacab
MD5 hash:
69f74d98c1528c113f9bb02b1494aa76
SHA1 hash:
fe887cf86863e19ee95499388ed5c681d64359f2
Link:
https://www.unpac.me/results/02b27933-e9b8-433a-ac6b-3e4e38e2ffd1/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/82696/

Comments