MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90cb35e98d876c60a730d1a41d0375c3fb7a7215082af53272d9b3cee013ca0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	90cb35e98d876c60a730d1a41d0375c3fb7a7215082af53272d9b3cee013ca0b
SHA3-384 hash:	7dfbcad45a5eaf7b6b8ae1ec1217eb34a9fc6710b42c128c44d9c03a1d76ef686d99df976fb538c04c4e0a0220acac5c
SHA1 hash:	78bd841348c639c97c42c33ad78928ab4429363b
MD5 hash:	e3e73a9979337c2858a32c36804c2971
humanhash:	maine-florida-alaska-two
File name:	CMS USD Slip Payment_pdf.exe
Download:	download sample
File size:	645'120 bytes
First seen:	2021-01-26 06:31:43 UTC
Last seen:	2021-01-27 06:20:30 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'656 x Formbook, 12'248 x SnakeKeylogger)
ssdeep	12288:4Css7HJP12Wpsp+7GN1dT7aMdUwoSH0Q13kUxkvc:EEP12EA1N7RdXUskUx
Threatray	293 similar samples on MalwareBazaar
TLSH	00D4CF3626096F11E0BE4B3BD4A564108BF9DD03DB32D6AEBDE074DE15B1FA81176A03
Reporter	cocaman
Tags:	exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

125

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

CMS USD Slip Payment_pdf.exe

Verdict:

No threats detected

Analysis date:

2021-01-26 06:37:13 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/b1e2f629-bc1a-4f26-9722-f00390d8a759

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/114610/

Detection(s):

SecuriteInfo.com.ArtemisE3E73A997933.4459.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Launching a process

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/590222

Signature

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/90cb35e98d876c60a730d1a41d0375c3fb7a7215082af53272d9b3cee013ca0b/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-01-26 06:32:13 UTC

File Type:

PE (.Net Exe)

Extracted files:

17

AV detection:

15 of 46 (32.61%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sdftl2mnq5wgbjzq2gsb2a3vyp5xu4qvbavpkmts3gz45yatzifq._file

Verdict:

suspicious

Similar samples:

2ac56457e5dfd887f318ab16bbc8fa9711095b8cb4cae99f5a34358c9a8502f0

2c4cd5dc3ad1f238e7e186c4ab0fd34c2fb2215c7aadbd85f45850a6dffcde14

37b6d65727f88fe36849efc718e55c7316daf13e6e72effb96eb715bfc22894c

4990b0164b660d9e8966fb35fc3d5f4f30b42c7e3861a14fc9255075b129c86e

69b99d16f072c6ab2687da255681f3f1c3a97746bfe516b206644a5056a99425

85dd5d9ef955400038cae7ac32f2931c3b6966792bbfd353f14627c2261f2d9c

9bf3bb9e44490d5836c31036a78c59c92a51d8f6bfb33363d8c617d27967ff3f

a12d62cf3071c705c6527b3a640f6dfa3f4823cf5289f8be7cba25ac14e79031

d8c285b8cbdafee6b30293d64b2ca92f9fb086247cb906a84c2ba13c364132ca

e7063cc17e4ab85b0ae947f6366f4a955758d2e3ef81bb2476f77aec1f77daae

+ 283 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210126-2mg9fefh6n/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

7303c5444c6f112f61d09053d9a5cef253a55e2b45a297e60af8727b0a6be007

MD5 hash:

e3de8acc669bbf1cef48b705f21dfdcf

SHA1 hash:

6535716134a4820faad79ea89383f64d7714abd3

Link:

https://www.unpac.me/results/cc92d116-83d6-4867-94b1-c1f9d9a9d746/

SH256 hash:

c5e0d33c655fd034b815765864c3e84bd2d3f0686c4f2fc66174d5b94dea47cf

MD5 hash:

e38dd130adbd9621bc49ede0a85ba1c0

SHA1 hash:

3c36b1ad7cbd018ace8a2cd5a8c30553bf5cef2d

Link:

https://www.unpac.me/results/cc92d116-83d6-4867-94b1-c1f9d9a9d746/

SH256 hash:

90cb35e98d876c60a730d1a41d0375c3fb7a7215082af53272d9b3cee013ca0b

MD5 hash:

e3e73a9979337c2858a32c36804c2971

SHA1 hash:

78bd841348c639c97c42c33ad78928ab4429363b

Link:

https://www.unpac.me/results/cc92d116-83d6-4867-94b1-c1f9d9a9d746/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.65

Link:

https://yomi.yoroi.company/submissions/90cb35e98d876c60a730d1a41d0375c3fb7a7215082af53272d9b3cee013ca0b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip b9adf87e6bdd5cb9cdecfd59e7bde9fea7edd43276afdd7c669d6b6d4065db1b

exe 90cb35e98d876c60a730d1a41d0375c3fb7a7215082af53272d9b3cee013ca0b

(this sample)

Delivery method

Other

Dropped by

SHA256 b9adf87e6bdd5cb9cdecfd59e7bde9fea7edd43276afdd7c669d6b6d4065db1b

Cape

Cape

https://www.capesandbox.com/analysis/114610/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample