MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 706c3e2ae6ed72040ab9b9c9d7918a24368288480d487e86fcc1731114656e78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 706c3e2ae6ed72040ab9b9c9d7918a24368288480d487e86fcc1731114656e78
SHA3-384 hash: da2c2cc9c2ecb2153676a5e737130f00cdd3f7835199a2f1769a16bd322f6b27168418abc10d563fc35176d166a72f36
SHA1 hash: 8226f3a2c54053e6bb9e0ca5230f486a364f370b
MD5 hash: 379d5341f78204ef45d48eeb2ded87c8
humanhash: lake-comet-sixteen-east
File name:PO-098000.exe
Download: download sample
File size:869'376 bytes
First seen:2020-08-14 10:58:02 UTC
Last seen:2020-08-14 12:10:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:Lyf9MUll0RzmrjMDTayE+dBwXLVQEzGPU9:WVFll0Rzkji9nHecM9
Threatray 6 similar samples on MalwareBazaar
TLSH A10512153EA88A29E1E38B3DE4D2B430273D354DE526D7555E59A88E0CB33FD4C13EA2
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: wanriton.com
Sending IP: 45.137.22.52
From: Roy@wanriton.com
Subject: PO-098000
Attachment: PO-098000.7Z (contains "PO-098000.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45858/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader34.22910.20294.6655.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
26 / 100
Link:
https://www.joesandbox.com/analysis/429532
Signature
a
c
d
e
f
g
h
i
L
M
n
o
p
r
s
t
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 267244 Sample: PO-098000.exe Startdate: 16/08/2020 Architecture: WINDOWS Score: 26 13 Machine Learning detection for sample 2->13 6 PO-098000.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/706c3e2ae6ed72040ab9b9c9d7918a24368288480d487e86fcc1731114656e78/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 10:59:10 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=obwd4kxg5vzaicvzxhe5pemkeq3ifccibveh5bx4yfzrcfdfnz4a._file
Verdict:
unknown
Similar samples:
13bddc242c2435f18b5d7a188ffc824c3e69162df0a972e701b2d1faa9065bcb
3a401149f225ae5e95303480b98a80c0374ca1e4589d15ac79aa2b2a646f66e2
3bf9eb8aca2fb463e00a2b2666afe723f88d05a3851319ca41caa5efa12a363d
5404f329ed837bd8c8f109255711f9a8d7f5e0b05ea6e575408473834a5088bd
b6c0b0c1a9637ebc1fb2944ab47cdbd039b29dbf7d0e979769d6d5c209a8f01e
dd900ac5b1cf790395caf7e5f5a773b0abae32e9e9314b5cb943b261e18e2b92
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-yze9e98xtn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/706c3e2ae6ed72040ab9b9c9d7918a24368288480d487e86fcc1731114656e78

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 6bb56dec6e54999f36d8d4af3322c985090b2ab578b4a9ccd420ee18b4869698

Executable exe 706c3e2ae6ed72040ab9b9c9d7918a24368288480d487e86fcc1731114656e78

(this sample)

  
Dropped by
MD5 3f73e96792ee65277b97f04e706d90a5
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/45858/
  
Dropped by
SHA256 6bb56dec6e54999f36d8d4af3322c985090b2ab578b4a9ccd420ee18b4869698

Comments