MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b09e5a976956a0554cb8fa07d9958ba192249fe512f45bee23d5e1ae9e2c974. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7b09e5a976956a0554cb8fa07d9958ba192249fe512f45bee23d5e1ae9e2c974
SHA3-384 hash: f79784d80cbf126933c8afe189bc4d1953f4c15278332ebf6e00eae67adc26aa21e32edacb7f1d103814355105aeffcb
SHA1 hash: d1d37926faf685536e6041d0666b5ca51cc5a30f
MD5 hash: d570731deee29ed76b1a9d7bf2f492c2
humanhash: potato-queen-arkansas-crazy
File name:Order.exe
Download: download sample
File size:447'488 bytes
First seen:2020-08-14 10:41:29 UTC
Last seen:2020-08-14 12:10:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:wQP66YbpRuSEsIRwHK+T+QK2E+v7cECW0YFPuRpM35HbtzNa6s/P3i4IpeGiQtmK:YsRUu0QA/mRGRE6s/fi4TQtmRY
Threatray 121 similar samples on MalwareBazaar
TLSH 7D94AE05F2E58F01C2C46974E4A3683687E2F9863237F39D7F5952E67E423B4894A7C2
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.aldahshan.com
Sending IP: 68.66.240.86
From: Aries Export Pvt. Ltd <support_dhl@webavyadmin.live>
Subject: Re: Order
Attachment: NEW_ORDER_PO.IMG (contains "Order.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45837/
Detection(s):
SecuriteInfo.com.Heur.MSIL.Bladabindi.1.24258.21334.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/429493
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7b09e5a976956a0554cb8fa07d9958ba192249fe512f45bee23d5e1ae9e2c974/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 10:43:05 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pme6lklwsvvakvglr6qh3gkyximsesp6kexulpxchvpbv2pczf2a._file
Verdict:
malicious
Similar samples:
15c3cfbad0e3b0afe327e53605c463775ef2ae1d5c21b23928a2aa34b7e36719
305d2dc35b0ce0040b0223e8fb187e04ac7c36e99ad620a7b824035183a2ccea
34cbecb7d69d17b347da77599976058e0a02a9930a085d1a5b98505fdfb77a46
354d3e283f994802a084678c53be397a4ea4d46d7e48487e6db6c46f6f91ffb9
383e589441b2d47da8108e096dcbef6501935e91f248158a624bed91fef1524c
4f4ecb62cff991d6e30675be71df634dd9f0e48ce95c4ba92fc9116d6cc25896
7e9b9bbb673e25ab8ee790dbfd2a3e489c0d3a88ab73aafe671f68982f1b41da
8025c16aa7b7e0d0dfe71e8f627c287ebefc935a6b65cf180409f36633626277
8a0212846806b7a822b1275aa4421addc9914c4a988fc0ac6458a48dd99ff50d
e0035aa03440db1460ee92e59d384ed20dce147a7f62c846c486da9decac4b28
+ 111 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-y7g4sxbjna/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
NJRat
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7b09e5a976956a0554cb8fa07d9958ba192249fe512f45bee23d5e1ae9e2c974

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img 9f62481da53ca7d1ce19885ee33bd165655e395edefc7df5174a9b00d34c8ac6

Executable exe 7b09e5a976956a0554cb8fa07d9958ba192249fe512f45bee23d5e1ae9e2c974

(this sample)

  
Dropped by
MD5 3cd3f6e21d8726ea4dd0fe6af107de90
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/45837/
  
Dropped by
SHA256 9f62481da53ca7d1ce19885ee33bd165655e395edefc7df5174a9b00d34c8ac6

Comments