MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 985bc1027ad2c2656ede64ca442a4a264b7a93595bac07015a03619b3e87d894. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 985bc1027ad2c2656ede64ca442a4a264b7a93595bac07015a03619b3e87d894
SHA3-384 hash: 972edbef3f7aea573144b9859d3360495e6a83ed5cc19c1ff1bbfc0525cadc5b83fd028c0418049d8fea8e15b96185e1
SHA1 hash: 838e282334e22cfd3c80965fb8f114a1da03419a
MD5 hash: ee1af0fdb25559b16295b45316762c6b
humanhash: avocado-burger-artist-green
File name:Todo.en.Uno.Mario.Collection.exe
Download: download sample
File size:4'262'091 bytes
First seen:2020-08-18 11:18:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 35bbc20be27b9de06e5f37c77c0fca39
ssdeep 98304:iglZwwMelxCFxiWxyikQQl10DilUUekeLc6msdP5a4i7N2EXaWEduEJO3B/L:+3Hhx7pqUUek2cigR7BiRYRL
Threatray 9 similar samples on MalwareBazaar
TLSH D01633A172A080B6F61B11730CFA3B7DE56ED8105F67A28BA38DDE1DDC325805521B7B
Reporter abuse_ch
Tags:exe Outlook


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: NAM12-MW2-obe.outbound.protection.outlook.com
Sending IP: 40.92.23.22
From: karina Perez <karinyi@hotmail.com>
Subject: JUEGOS MARIO
Attachment: Todo.en.Uno.Mario.Collection.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47734/
Detection(s):
SecuriteInfo.com.FakeAV.IDY.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Delayed reading of the file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/985bc1027ad2c2656ede64ca442a4a264b7a93595bac07015a03619b3e87d894/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tbn4cat22lbgk3w6mtfeikskezfxve2zlowaoak2anqzwpuh3cka._file
Verdict:
suspicious
Similar samples:
1f02d06a14d5e83c297271a24f9dad9f28d25e387bc65784077ddc27165290b5
250cfc3bf5271e6a5cdd6ebe240865bf2f960c877590b679c878181b42f85341
548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312
ace64cbe1ef91a0b14602264fe0de8e3698cb8b901cbd6251b3fd11d87a0bef6
b0fedb5fc4232c07ff1161ddcc830cf11596ba2653cc7cea1d5666b4bab1f276
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
b87295a4b2fb2d2f4df9d502d52e2f50a5e9b3ba9f56b17e252fa0f3022ae6f4
cfb6b2b831592f1ebd43929977ae4963f8c2b3b2472214c82c3c3c1513a6b54f
fc0ffda44e2748b424639a1592356cc209abf6045a8d6a069f5f562ea1f31763
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-xhrk9xepba/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 985bc1027ad2c2656ede64ca442a4a264b7a93595bac07015a03619b3e87d894

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47734/

Comments