MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 73daa7c456a2dc8ebb8b372c752253c4d70ee390e35cc37b25f56571d31143ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 73daa7c456a2dc8ebb8b372c752253c4d70ee390e35cc37b25f56571d31143ca |
|---|---|
| SHA3-384 hash: | c34c6551988c93474105995909fef88f6fb98a352a9f5fe08ef45be10b7cc721dae16d3f6b04b245da3d45e091430f34 |
| SHA1 hash: | 23b9d4afe13510bc0b3787c7fffc2ed4eff84922 |
| MD5 hash: | e03ce62047a03234bc980521c8588649 |
| humanhash: | juliet-venus-pasta-mobile |
| File name: | New purchase order 50,689$.exe |
| Download: | download sample |
| File size: | 1'073'664 bytes |
| First seen: | 2020-10-24 06:37:07 UTC |
| Last seen: | 2020-10-24 07:58:18 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'454 x Formbook, 12'202 x SnakeKeylogger) |
| ssdeep | 24576:4e4viAk7GFwvtkmHeIzPypPZso7sezPHux1qXzux:4e4/k7GivhhzSRsOVPH6Mm |
| Threatray | 1 similar samples on MalwareBazaar |
| TLSH | BD351230319B6FB1E6BD47B0103C564A43F23C4A2AB9D46CCDE172EEA660F45AB54E53 |
| Reporter |  abuse_ch |
| Tags: | exe GMX |
abuse_ch
Malspam distributing unidentified malware:HELO: mout.gmx.com
Sending IP: 74.208.4.201
From: al-safi <al-safiscs@chef.net>
Subject: Re: Purchase Order Details
Attachment: New purchase order 50,689.rar (contains "New purchase order 50,689$.exe")
Intelligence
File Origin
# of uploads :
2
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Sending a UDP request
Launching a process
Creating a file
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Signature
Allocates memory in foreign processes
Binary contains a suspicious time stamp
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Status:
Malicious
First seen:
2020-10-23 19:45:23 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
unknown
Similar samples:
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
31ce938626ccfb399fe1696710caf46d7ae9eb598b9d7d2aad719b594658469b
MD5 hash:
0aebe46040ceb011e78506d4985fe3de
SHA1 hash:
218ac1e7b14a66c604ec3042f8486bed9cd4c2c1
SH256 hash:
50ec8550ad8cf275128bbfd01958ce46c8052111ee30e3a153bf1c9435c5aed7
MD5 hash:
f44435af17508faf2a8cea679b0fe6a6
SHA1 hash:
575512f1012918c0c3c6b39a6d06996911600a09
SH256 hash:
00ad03e71f171603391b948b31b54fe3d6fe6df455860488a1d23226c7236e80
MD5 hash:
b3f605fcad85f03260fbab3b82473d8c
SHA1 hash:
9211d023e381622dccae9845475446c6c8b888c8
SH256 hash:
73daa7c456a2dc8ebb8b372c752253c4d70ee390e35cc37b25f56571d31143ca
MD5 hash:
e03ce62047a03234bc980521c8588649
SHA1 hash:
23b9d4afe13510bc0b3787c7fffc2ed4eff84922
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe 73daa7c456a2dc8ebb8b372c752253c4d70ee390e35cc37b25f56571d31143ca
(this sample)
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.