MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86ea1ec9ed1a1ec9fb2200d2a2f5c81ea06a55ddb4621fc74a627f5eee480d5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 86ea1ec9ed1a1ec9fb2200d2a2f5c81ea06a55ddb4621fc74a627f5eee480d5a
SHA3-384 hash: 46e6786be54c25f5ed06498191b6894b935daabbe77201865bceeea430c56e9dc2f009dd296aa5a899c564e436bd48d4
SHA1 hash: c25c693ec5a6b859db49a6e20662cd3033bfc90d
MD5 hash: 0b6a7baed4c36f38682523c9401a0243
humanhash: nine-mike-four-wisconsin
File name:PKO-65213.exe
Download: download sample
File size:274'272 bytes
First seen:2020-10-08 12:42:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'752 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 1536:V1KdmGNgmj97RtAU+TekEttSaMgbRSsGRTKdZOlJdNtPo55rKrFUcDOC53bzf01E:S0Gvj97RtAU+TFrgFdZOHdkIFNME
Threatray 12 similar samples on MalwareBazaar
TLSH 6A448103A92CA4B2EF39A33D40118CC591F55DAC05D8B11A47B8BD3DC97D5226D2FEAE
Reporter abuse_ch
Tags:exe geo POL


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: "PKO Bank Polski S.A." <accounting@wayfinderpm.com>
Subject: Powiadomienie o płatności przychodzącej
Attachment: PKO-65213.iso (contains "PKO-65213.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
troj
Score:
26 / 100
Link:
https://www.joesandbox.com/analysis/485405
Signature
&
(
)
a
b
C
e
f
i
k
l
n
o
p
r
s
t
v
y
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 295174 Sample: PKO-65213.exe Startdate: 08/10/2020 Architecture: WINDOWS Score: 26 16 Connects to a pastebin service (likely for C&C) 2->16 7 PKO-65213.exe 15 3 2->7         started        process3 dnsIp4 14 pastebin.com 104.23.99.190, 443, 49735 CLOUDFLARENETUS United States 7->14 10 timeout.exe 1 7->10         started        process5 process6 12 conhost.exe 10->12         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/86ea1ec9ed1a1ec9fb2200d2a2f5c81ea06a55ddb4621fc74a627f5eee480d5a/
Threat name:
ByteCode-MSIL.Spyware.AveMaria
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 12:43:08 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q3vb5spndipmt6zcadjkf5oid2qguvo5wrrb7r2kmj7v53sibvna._file
Verdict:
unknown
Similar samples:
0bf098aab2e2ec8613a4f819fb56f4cb8f55ba2f4e79274a9a799b59149d057b
30798ac2e4157b25f548e10f23743df081e52bb62865f3bf539ff54440d6c520
5c099242c7525e8af2adb86a20685cdab5c9a7c2b7da862a843e5baf63204f4e
655f642f75237fce5b0547080777dafc29d864bd41d0b53d4f754c205ef499a1
91c1a234f9f1c9bcefa5024b93d5d3dec10f8695a11173f57996df8f6324de79
bcde1303d94bcb85897d2a0615b24c02bfedd074c71131754168030d3be5982c
c20854beeb11adc316f75f01b88cbb0ee65111accea0a199e14d2a03308a006e
cb6c181823fd61558c1e6cefa9f1634d1676984316caa071c24268df493d3629
e0d9158031423f43664f7f990234f952a95a42de4804eda933afb59053643cd3
eddfeca548fc1464fd8937442f58b868ade0a2a5b9a2780384cf622124b35c71
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201008-8bw18b6l8j/
Behaviour
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Legitimate hosting services abused for malware hosting/C2
Unpacked files
SH256 hash:
86ea1ec9ed1a1ec9fb2200d2a2f5c81ea06a55ddb4621fc74a627f5eee480d5a
MD5 hash:
0b6a7baed4c36f38682523c9401a0243
SHA1 hash:
c25c693ec5a6b859db49a6e20662cd3033bfc90d
Link:
https://www.unpac.me/results/8fe416f9-67c2-42f0-b382-e13a80fda24c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/86ea1ec9ed1a1ec9fb2200d2a2f5c81ea06a55ddb4621fc74a627f5eee480d5a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso d35bd65285db15a87a640d8ee8026193ae929d5f99aa8f50f15d646d23ce697a

Executable exe 86ea1ec9ed1a1ec9fb2200d2a2f5c81ea06a55ddb4621fc74a627f5eee480d5a

(this sample)

  
Dropped by
MD5 2debd756a1ce8fe31e7f59031056d2a4
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/69225/
  
Dropped by
SHA256 d35bd65285db15a87a640d8ee8026193ae929d5f99aa8f50f15d646d23ce697a

Comments