MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079
SHA3-384 hash: d9696a6165dccbf60f4f068acfa05b9a9b9c7656ef0f34006176d83fe22f89e7d9cdc26b7e5bf79bc83157b2c5a7f126
SHA1 hash: 6bdb14601fe05bfc387554dc386df3534425e1fa
MD5 hash: 32a0a337fb2d1db6142c3ea3ba917d8e
humanhash: gee-cold-zebra-bravo
File name:Scan_Documents_IMG-00291-H73US.exe
Download: download sample
File size:1'149'224 bytes
First seen:2020-10-12 14:46:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'604 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:CwlaGTywWYUiFBAj+T4gXHdIYRs5QLcVRWqS8gbVKpN5ycpbS2L7d2H48DRmBQea:/laGTywWYUiFBAj+T4e9ON5ycpbS2L7k
Threatray 7 similar samples on MalwareBazaar
TLSH 8135711073F8761DF6FB1BFCED749F5209B7BAAA6A15C11C1404106F04A2A98E9A3773
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vervehealth.org
Sending IP: 185.29.10.101
From: Verve international<dra@vervehealth.org>
Subject: Purchasing Order
Attachment: Scan_Documents_IMG-00291-H73US.R10 (contains "Scan_Documents_IMG-00291-H73US.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Variant.Bulz.109678.10256.28212.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Sending a UDP request
Creating a window
Launching a process
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/488579
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079/
Threat name:
ByteCode-MSIL.Trojan.Perseus
Create hunting rule
Status:
Malicious
First seen:
2020-10-12 11:52:52 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sppk4oivhjm75xm5en3scgv3xvucet46yxmqg6ujaje2o3i3ob4q._file
Verdict:
unknown
Similar samples:
2484a97154537eeae2439a2f4e5a9191d07b5b342446c6949d7b23318edc3f35
379157b82516cae86d4fdf3d53accc14f42c537429753c7c8f865ac651292c67
3b186df707073ee060879549b75f11e1cad4c225d2dc4d0c3d290e9fd29517a8
6dbd3f42bf990db55372e1e01a3ddb4dbbdf3051fa01492bca882dbc023bb71a
7690c6721de838a1f54b8bf058b68149dac4117f9ff6d1da17d1ebcc00361ee7
d3f6b0b7336fee85292bc3b1f5634f113b561b9c5205f1ac319949628ba281ba
de8963519dfb377711f6178a357ef52920797b67d420295682fef93dfa7c3bc8
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201012-cmsjg984ze/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079
MD5 hash:
32a0a337fb2d1db6142c3ea3ba917d8e
SHA1 hash:
6bdb14601fe05bfc387554dc386df3534425e1fa
Link:
https://www.unpac.me/results/967a29d8-3f27-4347-814d-d8ff02c1f798/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 4e6266f4c04f9e7d76e53b1dc35fbc71a0f03cbd4fbe29374077b8f34cfef83f

Executable exe 93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079

(this sample)

  
Dropped by
MD5 fe5ef19b283158723f121dd9a8e0aa7a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70127/
  
Dropped by
SHA256 4e6266f4c04f9e7d76e53b1dc35fbc71a0f03cbd4fbe29374077b8f34cfef83f

Comments