MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72d119f2e637939b29d3399f95d617148fd2c5ef09e21e985a52108e53e4a5b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	72d119f2e637939b29d3399f95d617148fd2c5ef09e21e985a52108e53e4a5b2
SHA3-384 hash:	1a0be6bafff169ce7594d3c29bd732d5d792964fdb8840fa1a4d3496e159d23cef33751b18731e4ea31bb7c358a98a10
SHA1 hash:	9b1bec89a3f0c020f278d52b4aa4e879eb9050e7
MD5 hash:	cde3f784bb23e56a890738d00c17e10d
humanhash:	monkey-burger-bravo-early
File name:	76gJAocUSVCetXw.exe
Download:	download sample
File size:	744'960 bytes
First seen:	2020-10-14 15:12:14 UTC
Last seen:	2020-10-14 15:57:13 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'642 x Formbook, 12'245 x SnakeKeylogger)
ssdeep	12288:UTOdO3e6lFgqs5s4j1xa0P/GKtkeUW0Hc1ZShmAby2tmq7ax0/Zu/WFK:fdO3e6lFvV61koJuHcZ/ArH7aKu/WF
Threatray	181 similar samples on MalwareBazaar
TLSH	18F4125023C4D719E835C73C24611A0463F1FEBAE33EC54DBED878DA6AB7A8552D1A83
Reporter	abuse_ch
Tags:	exe

abuse_ch

Malspam distributing unidentified malware:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: MANAGEMENT <javaid@cyber.net.pk>
Reply-To: Ericgillis60@gmail.com
Subject: NEW OFFER No PO_821557
Attachment: NEW OFFER No PO_821557.Doc.z (contains "76gJAocUSVCetXw.exe")

Intelligence

File Origin

# of uploads :

2

# of downloads :

70

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/70860/

Detection(s):

SecuriteInfo.com.Trojan.Packed2.42629.21040.3684.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Launching the default Windows debugger (dwwin.exe)

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/491216

Signature

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/72d119f2e637939b29d3399f95d617148fd2c5ef09e21e985a52108e53e4a5b2/

Threat name:

ByteCode-MSIL.Trojan.Ymacco

Status:

Malicious

First seen:

2020-10-14 00:44:34 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=olirt4xgg6jzwkothgpzlvqxcsh5frppbhrb5gc2kiii4u7euwza._file

Verdict:

suspicious

Similar samples:

2f8daf0f7d0ba0b573b93f3e4ffb75e157a0e78be8a07bde8325dbd0efe42b6b

4e8948f851930028b615d1a9779b1d40abd18857c05caf69776251035f86acbe

7ce968d0fc6d6ef86fa1c73e383a21b7cdd401eeaa9daefad0d2b20de042a8e5

a2e772a2b72091fc5996f64198684e85e9d521f620d435c90e36d3327ad44592

afd34bbcb2f23723f06c6cfcca2d802b15b78cbb6d74b4cdefd49b8b230c1f4f

bfa8ca8a64dfbdd1b607b72848edc7ed107c90eb72b15c93d520392c201364fd

d0d0d5a151b9b3b42d889373ec62cc4c3f7339cf93cad5ca4d107707298d8005

d7c81b22b82c19f2c3b05ba1b222e317975cc16f4900db415c8e723c7f2eff06

e513fe3d22372fe4e0da834dbecd9fda11473a5861b195d9330b2b23c82650e8

fe15f4f81105e03404643fa842168b56482ea6e6772c95f0ffb56c0b0f69678f

+ 171 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/201014-gp7twhpdsx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

72d119f2e637939b29d3399f95d617148fd2c5ef09e21e985a52108e53e4a5b2

MD5 hash:

cde3f784bb23e56a890738d00c17e10d

SHA1 hash:

9b1bec89a3f0c020f278d52b4aa4e879eb9050e7

Link:

https://www.unpac.me/results/82f8b353-8ca6-4a3c-b2e0-82c76e89b035/

SH256 hash:

01dd844990e0c5fdcea0f88712253aa1ef4750316f0734ab7099306170b5ea2a

MD5 hash:

eb593633270aa19162cf64663df9dd6c

SHA1 hash:

2ec57181471ff10abe9a04239ca3ea86ea4252b9

Link:

https://www.unpac.me/results/82f8b353-8ca6-4a3c-b2e0-82c76e89b035/

SH256 hash:

8a4cbd8860f79e7a8652814048516062b3664171ddf98a5600cb86c476e230c2

MD5 hash:

5cbbecb2c95c31e222b070f18e329b21

SHA1 hash:

927aa7aa50b5e8227fb80243449a6134ce03c19d

Link:

https://www.unpac.me/results/82f8b353-8ca6-4a3c-b2e0-82c76e89b035/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Barys

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/72d119f2e637939b29d3399f95d617148fd2c5ef09e21e985a52108e53e4a5b2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

z 1111af42e570b1bbd9f3b4459839938ddc253c94defe06cbcfe188fe4352d844

exe 72d119f2e637939b29d3399f95d617148fd2c5ef09e21e985a52108e53e4a5b2

(this sample)

Dropped by

MD5 715dbce2c805c6dc46cabc3d9c6ddfed

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/70860/

Dropped by

SHA256 1111af42e570b1bbd9f3b4459839938ddc253c94defe06cbcfe188fe4352d844

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample