MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81b32b935d60c6d5f8a29a5687da454d45437a86706410f3ec88eb4b04a00ba9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 81b32b935d60c6d5f8a29a5687da454d45437a86706410f3ec88eb4b04a00ba9
SHA3-384 hash: 62e93db6e1fe8ea1ceda8ef238c5a4f0af6babcc3412cb87930b36aab26d549318ac64bce4a3bad749bf01f96e63043d
SHA1 hash: bf0aa0c05f2ea0e9ff00b51a024505040da26989
MD5 hash: c9dfaead3872ff958e4a50df0d2b61c3
humanhash: one-seventeen-august-seven
File name:New PO86568755.cab
Download: download sample
File size:26'092 bytes
First seen:2021-10-06 12:44:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:OupDxiT/S4BZ1crIWhOZlqB93WW3WQLhNP6SAvt:xpViG4BZ1crKlqB9FWCst
TLSH T15BC2F1EE9B45324FB57499BB40A41623B26F070DA720925F5F7142ABC089CB9DC0CB0F
Reporter cocaman
Tags:cab zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""Claire" <natalibrati@energypca.com>" (likely spoofed)
Received: "from slot0.energypca.com (slot0.energypca.com [92.52.218.73]) "
Date: "Wed, 06 Oct 2021 14:22:19 +0200"
Subject: "New PO86568755"
Attachment: "New PO86568755.cab"

Intelligence

File Origin
# of uploads :
1
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Suspicious.Win32.Save.a.31235.1599.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated overlay packed
Link:
https://www.filescan.io/uploads/615d9a53e3d213d202b87f7f/reports/09622096-5b2b-4b2c-a5c6-2fbfe8fa88f0/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/81b32b935d60c6d5f8a29a5687da454d45437a86706410f3ec88eb4b04a00ba9
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/81b32b935d60c6d5f8a29a5687da454d45437a86706410f3ec88eb4b04a00ba9/
Threat name:
ByteCode-MSIL.Backdoor.Crysan
Create hunting rule
Status:
Malicious
First seen:
2021-10-06 12:45:09 UTC
AV detection:
8 of 28 (28.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qgzsxe25mddnl6fctjlipwsfjvcug6ugobsbb47mrdvuwbfabouq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/211006-py3n3abba9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/81b32b935d60c6d5f8a29a5687da454d45437a86706410f3ec88eb4b04a00ba9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 81b32b935d60c6d5f8a29a5687da454d45437a86706410f3ec88eb4b04a00ba9

(this sample)

Executable exe 4d0d19f05323dd40e31e393501b9eff9bcaab24dc9dc019036c1921325fb7c0d

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4d0d19f05323dd40e31e393501b9eff9bcaab24dc9dc019036c1921325fb7c0d

Comments