MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ec5a40cb123440086c8c5371bfe69de18882714f2d3bc9bb9c4a9a9c151f009. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SendSafe


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ec5a40cb123440086c8c5371bfe69de18882714f2d3bc9bb9c4a9a9c151f009
SHA3-384 hash: 0f356b5d4b1eed089acba525959190dccf3cd6a3a10dd78156d20464873dda46c502efb57171973d9b986348966b8226
SHA1 hash: 06a53543b1fb081330cc9305e97d42e2107935d2
MD5 hash: b7f8bbdc7ebce44063e724e52a113058
humanhash: stream-video-orange-berlin
File name:SecuriteInfo.com.ArtemisB7F8BBDC7EBC.11658
Download: download sample
Signature SendSafe
Create hunting rule
File size:1'837'400 bytes
First seen:2021-02-04 08:20:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 911be5e1989650042ac958181295d59c (2 x SendSafe)
ssdeep 49152:mwWYaSHcdcKU6R+/Xdo3TpLPdOxx/uji/dqbFADPc:m0HcqA+1o3TxPUD1KADE
Threatray 4 similar samples on MalwareBazaar
TLSH 87850203FFE44AB7C4872576880E00B3406AEE568965FA43BBA5F60D59B47F732D0687
Reporter SecuriteInfoCom
Tags:SendSafe

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'305
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.ArtemisB7F8BBDC7EBC.11658
Verdict:
Malicious activity
Analysis date:
2021-02-04 08:23:26 UTC
Tags:
trojan sendsafe
Link:
https://app.any.run/tasks/d80c5f37-f12f-40d4-91c1-fbcb8905aadc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/115506/
Detection(s):
SecuriteInfo.com.ArtemisB7F8BBDC7EBC.11658.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a service
Sending a UDP request
Enabling autorun for a service
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/598877
Signature
Changes security center settings (notifications, updates, antivirus, firewall)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6ec5a40cb123440086c8c5371bfe69de18882714f2d3bc9bb9c4a9a9c151f009/
Threat name:
Win32.Hacktool.Morphisil
Create hunting rule
Status:
Malicious
First seen:
2021-02-04 05:47:37 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n3c2idfrencabbwiyu3rx7tj3ymiqjyu6lj3zg5zysu2tqkr6aeq._file
Verdict:
malicious
Similar samples:
38d3f45c15d354a76eaa73d2da717165dee22b8207fa87088685486019ff482d
SendSafe
639040459f4506fcc0c84cc54b42d3510792d5dbbe81badecadcb040965311f5
SendSafe
a9a117ae98fd5a5f90a2058461be2dc525bde25a920d9acaeae2490633587392
SendSafe
aba57bf3e798f491ef816d1b91cd5a7d81c72c725d2bd62e94346fc5028593f5
SendSafe
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210204-4lbpftt4hs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Unpacked files
SH256 hash:
34539121b934d7c789b35f2ab35f647e1143e9410c2d4296b6f666a13a2dacc7
MD5 hash:
0afe4a7f4740e64c434ee30a374d7b72
SHA1 hash:
3fd0a4a4665d4a9634c051fa10d4ea0ac573d95f
Detections:
win_sendsafe_auto
Create hunting rule
Link:
https://www.unpac.me/results/5e4496c9-d643-4653-8edd-70226fad4581/
SH256 hash:
6ec5a40cb123440086c8c5371bfe69de18882714f2d3bc9bb9c4a9a9c151f009
MD5 hash:
b7f8bbdc7ebce44063e724e52a113058
SHA1 hash:
06a53543b1fb081330cc9305e97d42e2107935d2
Link:
https://www.unpac.me/results/5e4496c9-d643-4653-8edd-70226fad4581/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6ec5a40cb123440086c8c5371bfe69de18882714f2d3bc9bb9c4a9a9c151f009

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:sendsafe
Create hunting rule
Author: J from THL <j@techhelplist.com>
Reference:http://pastebin.com/WPWWs406
Rule name:win_sendsafe_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SendSafe

Executable exe 6ec5a40cb123440086c8c5371bfe69de18882714f2d3bc9bb9c4a9a9c151f009

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/990045/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/115506/

Comments