MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92be89b620f61dba7a3c69c6e597787a02b9b8f7e0de333c589ce5048cbd8e6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92be89b620f61dba7a3c69c6e597787a02b9b8f7e0de333c589ce5048cbd8e6e
SHA3-384 hash: a7ae2bb0f377cddebc012b0b5a64edd1c2f211782882dce77a4ce435c6c65b587f55de22cc4cde6a9347612e6244f8fd
SHA1 hash: 341fe1860c17c313dc912d8bf9a2280c21ef28af
MD5 hash: 2fbda71c6ecde05489ff10f12afaba70
humanhash: illinois-network-sierra-white
File name:items_globalsources.com
Download: download sample
File size:457'728 bytes
First seen:2020-08-06 13:14:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 6144:o6g75UmnBUkXskGlMMn74UObr67FhlVlp1zAzv4prf2cIUyL:rMOmKhlJxFhTlp1zAzgpKcIU
Threatray 49 similar samples on MalwareBazaar
TLSH F4A4AE107A80D902CB294E3BC56441F046B6EE2EEE22D3972AC53E6F797E7F404156E7
Reporter abuse_ch
Tags:com HostGator


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gateway22.websitewelcome.com
Sending IP: 192.185.46.225
From: Acharya Balkrishna <eng@szboxcon.com>
Subject: RE: DQM 4,,8,10 confirmed items
Attachment: items_globalsources.rar (contains "items_globalsources.com")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/41182/
Detection(s):
SecuriteInfo.com.CIL.HeapOverride.Heur.13005.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Creating a file in the %temp% directory
Launching a process
Deleting a recently created file
Deleting of the original file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/413970
Signature
Binary contains a suspicious time stamp
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92be89b620f61dba7a3c69c6e597787a02b9b8f7e0de333c589ce5048cbd8e6e/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-06 13:16:09 UTC
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sk7itnra6yo3u6r4nhdolf3ypibltohx4dpdgpcyttsqjdf5rzxa._file
Verdict:
malicious
Similar samples:
082433d5a03c1b8d3afcddfd4dade5d0d14366ad0d1e8d04c2f70fb40558b9cf
28a945b0afb49fe99da8a39746a00b93c1a2c0d5b8735e11d8617bd696b2f199
4e9725c1d27ec7cf15d2b159b703764c59ee647a76060e937fbfca3a73ecf889
6ed38f127b3a25cff62c0855aeba85a7134a400b1dd4ef06412c2a96729b9991
76021aea3ce29a8755d97b4c13d16a7bcb9eb0bd6e1a2d1df62ffeb8fb9397cd
a7ed52eaed3c431823109509515c36b6bf45aab634606980509950674f018f88
b8860da111fd60fd6bcb2d6ffd3f1a62357d1da8888b766726bcf0919ba25e3e
e237d6e3b44c0bcacf4eff59f58c8028a48c0675f283adc96490ae6daf645bd7
e91568f40d148d2bdf04cf14156febbbb0d72e10b876c38d0900e0a66cb8706f
febbc268d54ae4612531ceb696c39bd8c0a60ea22d2877751eecce32bd651257
+ 39 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/200806-xq7z8v4qjx/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Loads dropped DLL
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/92be89b620f61dba7a3c69c6e597787a02b9b8f7e0de333c589ce5048cbd8e6e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar aa02a3fdc9a0f8fad335925a6f45319cf2749c0e0a2405da6277b8fc1236147f

Executable exe 92be89b620f61dba7a3c69c6e597787a02b9b8f7e0de333c589ce5048cbd8e6e

(this sample)

  
Dropped by
MD5 ccd82692def1171af493a57b50f65830
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 aa02a3fdc9a0f8fad335925a6f45319cf2749c0e0a2405da6277b8fc1236147f
Cape
Cape
https://www.capesandbox.com/analysis/41182/

Comments