MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cd8011d9b6a0688383595add4c6b57a6bc1e57e61e0809ff6d8733d31627da6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8cd8011d9b6a0688383595add4c6b57a6bc1e57e61e0809ff6d8733d31627da6
SHA3-384 hash: 42d88ab66408ae9b591d951a6f36098ddbb53c44e05b60f2a1979edf046bbfcf7497cfeb800f8cb94bf1fb62748ce8b7
SHA1 hash: 9c53584711b1d3efaa0d5aac655378d0ce912f22
MD5 hash: a9e3dadbe56608f3ba4519f71564e8a7
humanhash: earth-uranus-pip-uranus
File name:payment copy.exe
Download: download sample
File size:42'624 bytes
First seen:2020-10-13 17:52:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 384:tfUzDIDyWNw5gnlKP06dNVBVrVBVgVBVgVBVUVBVnVBVnVBVOVBVgVBVgVBVgVBA:tfSDIVNw5gUM6zPGzu4h3xUf2hq
Threatray 12 similar samples on MalwareBazaar
TLSH 68130CCA26CEEE71C93D253C99C394D40DF020A3D6A1D578DEDE8ACCA0B4A4C2B47975
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: bharatfastenervalve.com
Sending IP: 139.28.36.172
From: Kyriacos Mouzouris <sales@bharatfastenervalve.com>
Subject: Fw: Re: payment copy
Attachment: payment copy.zip (contains "payment copy.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70592/
Detection(s):
SecuriteInfo.com.Backdoor.Bot.10095.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/490193
Signature
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8cd8011d9b6a0688383595add4c6b57a6bc1e57e61e0809ff6d8733d31627da6/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Suspicious
First seen:
2020-10-13 16:37:57 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rtmachm3nidiqobvsww5jrvvpjv4dzl6mhqibh7w3bzt2mlcpwta._file
Verdict:
unknown
Similar samples:
00337a66e05b2b37e5f164a9da04b6d3de9a8a06601d972ce1c46ec5024e4d87
03811aadd6602954413ae6ed4bcddc6faa77172cbdc58639d060ebb3e875ce3e
2d73150d7b199e09b62cce531fc0841bab9ffc59d37f6da2528d0ebc60b934e1
4d6b2ca9c6a2ac2f7fc682f093035f01cf18b2f3aca553299316616d46b46a11
4fedda898f576336ee03b6171f90a06d6132b314d37e4ff58e1b0a5b1fdc05dc
88e157995a6f79f670bad1611fdba6514152bb1f2682e0dbc28c3e9291b8c221
b658c47b2d03bc174f5c4b836fdd467447a51a2c7ec1079d5d7ecb297233e4ab
bf277d4c78d64622787635c3bd7c55fcf2bfdff94171957baeb677b7efd08795
ee41bffec9b30b0e5e1ee01e07482c92ea0f0663734833e3ac76de4e6388f025
fc00ea7ef331265218e64f035bd729c59131d237326e0fc76d0e7572c0220276
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-4m7atffynn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
8cd8011d9b6a0688383595add4c6b57a6bc1e57e61e0809ff6d8733d31627da6
MD5 hash:
a9e3dadbe56608f3ba4519f71564e8a7
SHA1 hash:
9c53584711b1d3efaa0d5aac655378d0ce912f22
Link:
https://www.unpac.me/results/3152aae9-3fd1-4ba4-a388-bf7da53f4e41/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8cd8011d9b6a0688383595add4c6b57a6bc1e57e61e0809ff6d8733d31627da6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip b2798a87f312853be8dd1031c553248245526135ce443e3123b870439416bf7a

Executable exe 8cd8011d9b6a0688383595add4c6b57a6bc1e57e61e0809ff6d8733d31627da6

(this sample)

  
Dropped by
MD5 954d464c26c130e1e491a9bffab8995d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70592/
  
Dropped by
SHA256 b2798a87f312853be8dd1031c553248245526135ce443e3123b870439416bf7a

Comments