MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1
SHA3-384 hash: b1ec3065bb10881f665391fbd77efcfb1e6017063d4bcb86e181472ad796c0daa7bd38c622801f20399b7fe1cac123b8
SHA1 hash: 7c9fcee16ca3b81a35782be843406cecb803f448
MD5 hash: a4d789c995239985f1fc547b8cd64c32
humanhash: vegan-illinois-thirteen-mobile
File name:Billing Details.cmd
Download: download sample
File size:544'768 bytes
First seen:2021-02-23 07:15:28 UTC
Last seen:2021-02-23 08:46:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ce95782f94d8c06a522ef2ce68f3fe9
ssdeep 12288:mJZJpZFS02A46A9jmP/uhu/yMS08CkntxYRo:mJZ7ZFizfmP/UDMS08Ckn3V
Threatray 4'839 similar samples on MalwareBazaar
TLSH 46C48D17EB10F10AE452C8B02965929B67397D321280AE03F7C16F5AA6726D7BCF570F
Reporter abuse_ch
Tags:cmd


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: pro.mxout.rediffmailpro.com
Sending IP: 119.252.152.37
From: corporate@acrossbroking.com <corporate@acrossbroking.com>
Subject: Payment for BILL 051-2020 Has Been Sent
Attachment: Billing_Details.zip (contains "Billing Details.cmd")

Intelligence

File Origin
# of uploads :
2
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/118475/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop16.11011.31991.28154.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Running batch commands
Creating a process with a hidden window
Creating a file
Searching for the window
Deleting a recently created file
Replacing files
Launching a process
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/615091
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Yara detected VB_Keylogger_Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 01:14:42 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=smbsrngq5bu3pvxozczfantfemsyym6begufcxj2pd7i23emt7aq._file
Verdict:
malicious
Similar samples:
1de49d29d2f5c485ef935ce6f50176272745d32d258f5996f029f4e78a614af7
25f0420d3551985569fb57497301c7d2f691083d7318d28db5bab2e8a6a0bb85
363755d7a78e52ae1314c7c4a485048269a9680e93bc4cb82098ca6139bfd912
54f76bffd468bfb38aaf0adb0fadbfc9fa3a947b420d002c2206e57c805e6000
5bd645a7783a25d2caa48ee448ad1e47c00ae25e5a7fd9b304ad9422e9e79fd5
6d1939969f1763fa1f69073ed09fa37d443fd3a6739584bf5943ca8e54963023
7576e8a1595d88b7cdb00bb00648c86a60a2e2f7e24442451c528553f467ec04
b10f38f6a63515c0057b541723f7de935b6b8ee58cb3baca1f5cce7a20813da2
c68eae2a2fb14e31a3099eee2c2f7d880653a7ed87ede88c638541854e01d3c2
cb23f5a566bfa91b51d3ecd344e3f6025023463532fa4d5edf5d0785814529d7
+ 4'829 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/210223-47scdbd9s2/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Unpacked files
SH256 hash:
930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1
MD5 hash:
a4d789c995239985f1fc547b8cd64c32
SHA1 hash:
7c9fcee16ca3b81a35782be843406cecb803f448
Link:
https://www.unpac.me/results/ae7b2c59-0337-4541-8e01-0afd594d203e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.64
Link:
https://yomi.yoroi.company/submissions/930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 77b7af14ce605d7dd156ff5a4e98ee5087f9255e5c8b4659fbb6565badb80085

Executable exe 930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1

(this sample)

  
Dropped by
MD5 287d0ba1bb71b6bb530d5affdff6abd5
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/118475/
  
Dropped by
SHA256 77b7af14ce605d7dd156ff5a4e98ee5087f9255e5c8b4659fbb6565badb80085

Comments