MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8330fe82dcc9461a750d34f5fb88c161f0a79fe2d235f21c4c0fc7abb001b5c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8330fe82dcc9461a750d34f5fb88c161f0a79fe2d235f21c4c0fc7abb001b5c9
SHA3-384 hash: 1edf0ada5fc24a619e117b0c845570a927a33dfe49b4d8d1d3b0b1a62350cedf072ab5edd758854310447973f38f6f93
SHA1 hash: b4ab6d0b0ea837dccba43f4aaf5f25a24d1d32c1
MD5 hash: 7368bf8d1cd631c857fdcd4a3672e737
humanhash: massachusetts-jig-cat-twelve
File name:Mahavir_Group.cmd
Download: download sample
File size:503'808 bytes
First seen:2020-11-06 17:32:01 UTC
Last seen:2020-11-06 19:39:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3fd5e6907312eda6838c4b5944e91c9b
ssdeep 6144:+GnnGHUFNwF0wUK3cf1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDt:lkF46A9jmP/uhu/yMS08CkntxYRQ
Threatray 3'159 similar samples on MalwareBazaar
TLSH 62B4AE0773D60F91E9BA2A711EA682E017B3BD9B1F37824F7640616D2932F614CA075B
Reporter abuse_ch
Tags:cmd


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: WIN-L66T98C3SA5
Sending IP: 45.120.139.134
From: shiprecycling@mahavirgroup.co.in
Subject: Payment Confirmation From Mahavir Group
Attachment: Mahavir_Group.zip (contains "Mahavir_Group.cmd")

Intelligence

File Origin
# of uploads :
2
# of downloads :
121
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.44372003.31522.569.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Creating a file
Using the Windows Management Instrumentation requests
Running batch commands
Creating a process with a hidden window
Searching for the window
Deleting a recently created file
Replacing files
Launching a process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Kutaki
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/523538
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Yara detected Kutaki Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8330fe82dcc9461a750d34f5fb88c161f0a79fe2d235f21c4c0fc7abb001b5c9/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 01:50:57 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qmyp5aw4zfdbu5ingt27xcgbmhykph7c2i27ehcmb7d2xmabwxeq._file
Verdict:
unknown
Similar samples:
25f0420d3551985569fb57497301c7d2f691083d7318d28db5bab2e8a6a0bb85
293bf5eeec6d5d30ee3b3d26f73d6cb81f4e080a449774fc8d2c3a724454f521
363755d7a78e52ae1314c7c4a485048269a9680e93bc4cb82098ca6139bfd912
5a979bc05628a8a31ba4e8b2a476b2741ff53c278e0b6eb14a179486e26ee8e8
5bd645a7783a25d2caa48ee448ad1e47c00ae25e5a7fd9b304ad9422e9e79fd5
66d9988ac36da793b04a0de06e655fb3b386fc947c7d0009beaff2ff4da18be4
a01d4a1b86c5cef8726cc8f8c26a93739f10d1f68d101f9d2d94302dc248704e
aac4b85568798e4a2ddb9cdb62004a9933bf9017a70a070528950ede8a962864
af504337b51f5fb5bcc3c779afc95bf5b167431660ebd8b71fcfdff1ec9e227a
fffef10b9e3db99c874f8b9dd3bb8bd7adaf829b75d4e6f28ebacd5755b633d7
+ 3'149 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201106-rf4wzy69ds/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Unpacked files
SH256 hash:
8330fe82dcc9461a750d34f5fb88c161f0a79fe2d235f21c4c0fc7abb001b5c9
MD5 hash:
7368bf8d1cd631c857fdcd4a3672e737
SHA1 hash:
b4ab6d0b0ea837dccba43f4aaf5f25a24d1d32c1
Link:
https://www.unpac.me/results/480b27f5-c1c4-4b32-9fcd-2d8f1c956c71/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip fe348b59971ebd492fb728aa14260574cd4f642a0725fbd476b10dd1d63daa7b

Executable exe 8330fe82dcc9461a750d34f5fb88c161f0a79fe2d235f21c4c0fc7abb001b5c9

(this sample)

  
Dropped by
MD5 4695fb7b61cca2b5d77c5dfc0910c3a6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 fe348b59971ebd492fb728aa14260574cd4f642a0725fbd476b10dd1d63daa7b

Comments