MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8306ecd76526e6df50a00decb52227baf35cebc06651ef7e449ace2379ec39cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8306ecd76526e6df50a00decb52227baf35cebc06651ef7e449ace2379ec39cb
SHA3-384 hash: 15012fe49e5ac31a0f006f97add20ead0f4bd60ce56c56796ba20f590f4cf7bf58231304692c801f27581f32f5e08042
SHA1 hash: 0a796c7c29ce5818daf94380493ac9550ea0c66e
MD5 hash: 7024f07a14e0b8e41f4b3f3bf5a98fc7
humanhash: shade-bulldog-carpet-glucose
File name:Attached sell Inv...exe
Download: download sample
File size:867'840 bytes
First seen:2021-04-22 06:28:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'207 x SnakeKeylogger)
ssdeep 12288:Lw8Fl2ZCZiZNpDgO5KihcOiigis+5OPHVdpXXdrrKUQxzRRRRR5qWKL:LzlmpUA5bfslP1Jrr4RRRRR5qp
Threatray 407 similar samples on MalwareBazaar
TLSH 52058E41B2A9C8BBE41722F0D896F4F422957D45EA21952F359BBE1F75F334210A3E0B
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Attached sell Inv...exe
Verdict:
Suspicious activity
Analysis date:
2021-04-22 06:42:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/311cc123-711a-4cd5-93c5-a66f5ba9655b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/143554/
Detection(s):
SecuriteInfo.com.Artemis7024F07A14E0.17301.6084.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
24 / 100
Link:
https://www.joesandbox.com/analysis/692349
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 395109 Sample: Attached sell Inv...exe Startdate: 22/04/2021 Architecture: WINDOWS Score: 24 13 Machine Learning detection for sample 2->13 6 Attached sell Inv...exe 2 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        dnsIp5 11 192.168.2.1 unknown unknown 8->11
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8306ecd76526e6df50a00decb52227baf35cebc06651ef7e449ace2379ec39cb/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-04-22 06:37:01 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qmdozv3fe3tn6ufabxwlkirhxlzvz26amzi667setlhcg6pmhhfq._file
Verdict:
suspicious
Similar samples:
25b27bf77a7d59f3bdc13c4462475432d4f4592973bf5b2e4f8c42cda3d89457
679ebf79dd090c45ab0777aea92e3f2dc6b8199eb8cd17fb7ca50e6239ccb62e
704bd3f6c7d6671e896d71bc871f415cfc78209ae32cc518e95e39e7c06f83ad
ba2915e301b95f709a0908fc0cb97a4226848f48e98af7172e246a3aff4e244f
bd299f37aa9e98b1f42640c6c588b65fb932abd4c3c4b7d258e37be327ae60a4
c4694ce810c06b60cd032b8ff67964924a0c273a81f8ca5ce55064cf9fb6ec0a
c5f61a493b7fd20696bacb1d153c97b9d36ef692b539c7354e73940e9856328c
dacbe7aca7fdbfcae4a604018f5dc3e182709d5e8eb81a07a454ff376a6b9f25
f27dfa34490a595f8ad99b083d4b0e3147b183c651e41760b038339e441b8582
f3b2b42ef8cec0923c1775d70e26d43577f386e0080b5e3215f608dd33e75313
+ 397 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210422-zl7pj1y1ne/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/8306ecd76526e6df50a00decb52227baf35cebc06651ef7e449ace2379ec39cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 8306ecd76526e6df50a00decb52227baf35cebc06651ef7e449ace2379ec39cb

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/143554/

Comments