MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ac5f5f0d1ff8fb95c1586059a20596cbcb04c4bde70c5d753798d4fae6f9837. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	9ac5f5f0d1ff8fb95c1586059a20596cbcb04c4bde70c5d753798d4fae6f9837
SHA3-384 hash:	5f085d1d55a8703767e0b09877c7ed123efaea12239e03446eaccd680446298d90a1bd714e1254ef9707ce6b2fb398bd
SHA1 hash:	24ed391c6574009691d161ebab2a78586223c26e
MD5 hash:	733819c0857fac5393389bf5e7c98bc7
humanhash:	fanta-finch-quiet-massachusetts
File name:	EFVEXtJ4LsJ6SQr.exe
Download:	download sample
File size:	772'096 bytes
First seen:	2020-10-07 05:06:48 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'751 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep	12288:A7ETdiJN72fJ/JDegcm+BSicxGt9xE7Pb198TVGdvzDw9Eq1YJaUthU0iExpRpX/:wETdiJN7CKMoBTs1Dw9/YkqUmx3p
Threatray	10 similar samples on MalwareBazaar
TLSH	E8F4120065989F79F02F837E5233506A03F9F51A9773DA1C7FF644EA98626C54B22EC2
Reporter	abuse_ch
Tags:	BBVA ESP exe geo

abuse_ch

Malspam distributing unidentified malware:

HELO: vps.scripturnm.com
Sending IP: 45.95.169.112
From: BANCO BBVA <advice@bbva.mx>
Reply-To: advice@bbva.mx
Subject: BANCO BBVA - Notificación de crédito
Attachment: Notificación de crédito.gz (contains "EFVEXtJ4LsJ6SQr.exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

104

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68781/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Launching the default Windows debugger (dwwin.exe)

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/483679

Signature

Binary contains a suspicious time stamp

Machine Learning detection for sample

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9ac5f5f0d1ff8fb95c1586059a20596cbcb04c4bde70c5d753798d4fae6f9837/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-10-07 02:05:38 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tlc7l4gr76h3sxavqyczuiczns6latcl3zymlv2tpggu7ltpta3q._file

Verdict:

unknown

Similar samples:

0b79ae213820e2a7f0a056e1216738d81b1f9cc87d74c2e36fe3395ea74e9a4c

26243c83c8f1bff909e68c8f2d928c626c78f43987e49cae0b8c2f78a63652f9

4e2611cf16e38e3408539cbdb204ab846229f2f4e06352b2031b7336179811bf

5f7c84c5a62c4603069eada6e50059cc6e2a6cf7ab8be1281e04a7501667a074

6f3b823d339fb8ae56dc4fd98744533b6df2384c617289712d9c8fa9659f6bce

8a571569462613ad58e4b10d9fc396e496721ab5747160224bf6f7b335755958

bd69bf1e3557175c857559ec3963239bd25143262f95b6a425da5fcd70159bc2

c746707553e9ce0ae1b309293151033a32f8f5fc560bcb5ba7d1d467a00d909e

cfc1e734ca131bdb5960adb67561aa12a1d897be879313fd72c20a71c3e014f7

de63dad91264010f951f169683aa6527225433cd645d564dd150bbf30c4ad3da

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/201007-96vxqnac8s/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

9ac5f5f0d1ff8fb95c1586059a20596cbcb04c4bde70c5d753798d4fae6f9837

MD5 hash:

733819c0857fac5393389bf5e7c98bc7

SHA1 hash:

24ed391c6574009691d161ebab2a78586223c26e

Link:

https://www.unpac.me/results/29087277-8ffb-4d0d-b597-62a8413cd792/

SH256 hash:

13b24d3a09d099dabe41cd6cd71607a77e14640b1e9b4ed2d60f6c012f191c43

MD5 hash:

109cedae3c384a1913107f1efad2b7c8

SHA1 hash:

1f7f35b0ed85fa12bb839cbce698e59a30813420

Link:

https://www.unpac.me/results/29087277-8ffb-4d0d-b597-62a8413cd792/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.48

Link:

https://yomi.yoroi.company/submissions/9ac5f5f0d1ff8fb95c1586059a20596cbcb04c4bde70c5d753798d4fae6f9837

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 11794b05c587f4bf89a301c7eedacc64e7e827699203515c86b6bc5dfbfad31c

exe 9ac5f5f0d1ff8fb95c1586059a20596cbcb04c4bde70c5d753798d4fae6f9837

(this sample)

Dropped by

MD5 0073ef2af178af5e166157c6504e072f

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/68781/

Dropped by

SHA256 11794b05c587f4bf89a301c7eedacc64e7e827699203515c86b6bc5dfbfad31c

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample