MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84fc25c1bc34a0ae09090f6c154e4316e9b3aaae1203f1340c5b251c51eb2dd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 84fc25c1bc34a0ae09090f6c154e4316e9b3aaae1203f1340c5b251c51eb2dd4
SHA3-384 hash: fce381b651e63cb36db2e56aab7d69ff704ca1749b7eb475c6824dabbc51588d41128414e76fc5f6b7d04712a134010c
SHA1 hash: 1e20a4158a4265b9149cd789653f26462325748f
MD5 hash: fff6ec0db81c13f280ee33dc1674fbbb
humanhash: bravo-july-mike-crazy
File name: doc56678854565 pdf.exe
File size: 93'696 bytes
First seen: 2021-09-08 00:51:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0162c0d4b083e9259ae3a5f11034f58d (3 x AgentTesla, 3 x Loki, 2 x Formbook)
ssdeep: 1536:FrhFuRUyaiMB4O+3Nyyyyyy5jo4LeeeX6g+j3fV:FrhFAa9z+3Nyyyyyy5LeeeKV7f
Threatray: 773 similar samples on MalwareBazaar
TLSH: T15F9331C67F705842DE04DA3DC32D5F16582B2F74ABE4A20BD1427873ABF368D1917A26
dhash icon: 8b13396969336921 (9 x Formbook, 7 x AgentTesla, 4 x SnakeKeylogger)
Reporter: AndreGironda
Tags: exe


AndreGironda
MITRE T1566.001
Date: Mon, 06 Sep 2021 19:30-20:00 -0700
Received: from mail0.alsafgroup.com (167.172.139.98)
From: "KATHY DO (Ms) / Acct Dept " <infos@fmddistributor.com>
Subject: Payment Slip USD for your Reference
To: Recipients <infos@fmddistributor.com>
Return-Path: infos@fmddistributor.com
Message-ID: <72c2d009-1809-42b3-8009-161fb4ad4699@CO1NAM11FT022.eop-nam11.prod.protection.outlook.com>
Attachment Name: doc56678854565 pdf.zip
Attachment SHA256: 015b279379bb323f990934962c1147018d803bb039d79f19a33c24698d9877c0
Unzips-To Name: doc56678854565 pdf.zip
Unzips-To SHA256: 1c056ca27d22dedd484cf9e8ad07990f0d9819407e4cf85f2e385302b4d9a142
Sample Name: doc56678854565 pdf.exe
Sample SHA256: 84fc25c1bc34a0ae09090f6c154e4316e9b3aaae1203f1340c5b251c51eb2dd4
Sample-Drops Name: xbwaqvatvnlh.exe
Sample-Drops SHA256: 6b13a662f7e44310b730a34b9ac4d8045697868c351db883c1303e1428c851bf

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: doc56678854565 pdf.exe
Verdict: Suspicious activity
Analysis date: 2021-09-07 22:27:48 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Sending a UDP request
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Convagent
Status: Malicious
First seen: 2021-09-07 03:52:29 UTC
AV detection: 20 of 27 (74.07%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 84fc25c1bc34a0ae09090f6c154e4316e9b3aaae1203f1340c5b251c51eb2dd4
MD5 hash: fff6ec0db81c13f280ee33dc1674fbbb
SHA1 hash: 1e20a4158a4265b9149cd789653f26462325748f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 84fc25c1bc34a0ae09090f6c154e4316e9b3aaae1203f1340c5b251c51eb2dd4 (this sample)
