MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e6079910cd33e0024719dc55eae6dbf1b35d3e7d3cf406a66872b458c72590d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e6079910cd33e0024719dc55eae6dbf1b35d3e7d3cf406a66872b458c72590d
SHA3-384 hash: 0edd47bac445fc8792fac846edbdda38caa9fe91787a1f0c4efbb619102fd50a40505018c4374d03d66af79ca2fe8fc0
SHA1 hash: 36a4f82f59a237c85a83401c06d36f63236a5742
MD5 hash: d9351cc8a5a24f3662a8a44696e47c2a
humanhash: blossom-dakota-connecticut-charlie
File name:Factura.exe
Download: download sample
File size:162'648 bytes
First seen:2022-02-15 09:00:09 UTC
Last seen:2022-02-21 09:06:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 56a78d55f3f7af51443e58e0ce2fb5f6 (720 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep 3072:wbG7N2kDTHUpouDT/FjbxZsnOSiEEPAPIr7Ey0tACPb9m74a:wbE/HU//5PsTiEEIIt09u4a
Threatray 1'571 similar samples on MalwareBazaar
TLSH T102F3F1053754D43BE49387724932ABE74FF9E92026B64E870710BEAD3E232919F1B325
File icon (PE):PE icon
dhash icon c070d88c8eeaf23e (3 x AgentTesla, 3 x GuLoader)
Reporter pr0xylife
Tags:AgentTesla exe signed

Code Signing Certificate

Organisation:KREDSLBENE
Issuer:KREDSLBENE
Algorithm:sha256WithRSAEncryption
Valid from:2022-02-15T03:41:58Z
Valid to:2023-02-15T03:41:58Z
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:This certificate is on the Cert Central blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 2d1d37fdc8bce03ee8de5825f8d6f2b05730e589ac580a6ae6def1a5dfc13889
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
223
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
220215.zip
Verdict:
Malicious activity
Analysis date:
2022-02-15 14:21:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a6d6c246-9a06-4514-9632-916a78100f85

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/241558/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Launching a process
Creating a process with a hidden window
Creating a window
Creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/620b6bd0a2660f3bb9d8d62c/reports/bf67d9e6-b18a-4007-81d5-be3997a866c9/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/78258815-a576-4ed9-ae08-3151a405e25c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/939965
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Svchost Process
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 572442 Sample: Factura.exe Startdate: 15/02/2022 Architecture: WINDOWS Score: 56 22 Multi AV Scanner detection for submitted file 2->22 24 Sigma detected: Suspicious Svchost Process 2->24 6 Factura.exe 23 2->6         started        10 explorer.exe 2->10         started        process3 file4 16 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 6->16 dropped 18 C:\Users\user\AppData\Local\...\System.dll, PE32 6->18 dropped 20 C:\Users\user\AppData\...\SimpleColor.dll, PE32 6->20 dropped 26 Tries to detect virtualization through RDTSC time measurements 6->26 12 explorer.exe 6->12         started        14 svchost.exe 10->14         started        signatures5 process6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e6079910cd33e0024719dc55eae6dbf1b35d3e7d3cf406a66872b458c72590d/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2022-02-15 09:01:09 UTC
File Type:
PE (Exe)
Extracted files:
196
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pzqhteim2m7aajdrtxcv5ltnx4ntlu7h2phua2tgq4vulddslegq._file
Verdict:
unknown
Similar samples:
10f957f6ae25382ddca0fc6fbd364f20d6e4cfa2f49728167bc1504cd3be0c46
4959de8067a62478d5192edb0c7822484ea3f75c643100b4c73b0165eadd8911
4fa28556557b228a0cabb6a51597217e09afdf58a140b1181f0bd8325e6e4d0f
7768da29cc4ef93cb4790f664e139d1d8c2972e22fe8840b6b86c50e15dba347
7916f9aeaf36a8fec95e5a5cb7372f509e6597d3b8648a636b425f382e6993f8
b940b5de107ce0167b1c0571795e10fe2ee4dbb38cd0eb658ac9979694eb24dc
c5072b4120ac9daa3dc0e000cce9e6d6e3a1ca01fed779e0b43d877a744409cd
c5c0fbca778f53dc085d84ad3f038e4a20bce7add5f07012594194bc3bca522a
+ 1'561 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220215-kywtasdag9/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Loads dropped DLL
Unpacked files
SH256 hash:
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
MD5 hash:
cff85c549d536f651d4fb8387f1976f2
SHA1 hash:
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
Link:
https://www.unpac.me/results/ea1e373e-65df-4518-9c86-793d2773f748/
SH256 hash:
0b2277d8aaf36e01aca3ae33e227b44bebc541a9c5cef6eb4fef93e96821a6cd
MD5 hash:
b1ba7a8263281244782ca5604876cb2c
SHA1 hash:
b8523dee6d7e74512a05c60cc35c0fddac370252
Link:
https://www.unpac.me/results/ea1e373e-65df-4518-9c86-793d2773f748/
SH256 hash:
7e6079910cd33e0024719dc55eae6dbf1b35d3e7d3cf406a66872b458c72590d
MD5 hash:
d9351cc8a5a24f3662a8a44696e47c2a
SHA1 hash:
36a4f82f59a237c85a83401c06d36f63236a5742
Link:
https://www.unpac.me/results/ea1e373e-65df-4518-9c86-793d2773f748/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.28
Link:
https://yomi.yoroi.company/submissions/7e6079910cd33e0024719dc55eae6dbf1b35d3e7d3cf406a66872b458c72590d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/241558/

Comments