MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b88304422980e3e7dac534c9aaf77ea5bce8fdbaaa678aa4ca9622186f35e41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	9b88304422980e3e7dac534c9aaf77ea5bce8fdbaaa678aa4ca9622186f35e41
SHA3-384 hash:	920491cead1887b176d6e94c995098ed9603daeaf0cc7ae8bf3dcab850e6dac815c389fb611b89bea6271717a127c1bc
SHA1 hash:	b8521203c98a90f089062b698d052e5f97f2e202
MD5 hash:	04be281fa1df206e6663010a0c324d5e
humanhash:	victor-iowa-carbon-social
File name:	pls.exe
Download:	download sample
File size:	2'667'008 bytes
First seen:	2021-01-17 17:54:43 UTC
Last seen:	2021-01-17 19:47:39 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	24576:djJzJB12XZ+VuGnqFfhee8Nz6Ymsd0rJm4znR:djj3g+EGWAzVCm
Threatray	127 similar samples on MalwareBazaar
TLSH	95C54A1E9DDA40A1E1C4ACB8F7EE26FC05F0437F955466F326995BE9CE41B8A31420E3
Reporter	abuse_ch
Tags:	Endurance exe

abuse_ch

Malspam distributing unidentified malware:

HELO: gproxy4-pub.mail.unifiedlayer.com
Sending IP: 69.89.23.142
From: Chem Kanchana <info@purpleinc.co.in>
Subject: Outstanding invoice 645378
Attachment: pls.zip (contains "pls.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

134

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

pls.exe

Verdict:

Malicious activity

Analysis date:

2021-01-17 17:58:14 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9d531ddb-e010-41bf-9997-10327b9b5a16

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/112389/

Detection(s):

SecuriteInfo.com.Generic.mg.04be281fa1df206e.10199.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/583239

Signature

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9b88304422980e3e7dac534c9aaf77ea5bce8fdbaaa678aa4ca9622186f35e41/

Threat name:

ByteCode-MSIL.Trojan.Generic

Status:

Suspicious

First seen:

2021-01-17 17:55:07 UTC

AV detection:

10 of 28 (35.71%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=toedarbctahd47nmkngjvl3x5jn45d63vkthrksmvfrcdbxtlzaq._file

Verdict:

suspicious

144e3b521adb2f66b50fd33944e006ed93078559a0469ef44efad381d4865555

1bf6e82ac73d9f1b021f0a58c14f4fa09de9f9449d6ddcbdb93ea8dffc4e07a4

295d0bbeb8eeb0956c87e46ad0beeb66bc02f3c72c20a898ae66d3bfc64e670b

2ac5f360137d404eeed17e0ff1217ad8d38b2b8cae4b762223cb1f3d346f498b

3d39fc826f6ed0115155842080406ffc82f930c5daae8ef710d3c30009fd0106

71883cd434af078341c6e3373713a7cce3f97307ede83e427ea74d43025ec233

84d9c4b6e6175152b0a96f6d629372d0e0f6709609373e0ccb0679b6b854b4e8

8fde2bd043c16448fe13d733e35e388de4a95938f187682f60725d27da3653c8

c497428e9db3ebeb6849dfa2179be4746bd452546e014b8939ac65b0a69ced7d

+ 117 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

persistence

Link:

https://tria.ge/reports/210117-w4n2h7safn/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Adds Run key to start application

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

453b093d61e9da9d5890c5b6798723d3f4ae16f64f991058847c25f4ffaae1d4

MD5 hash:

7fa159813d6d12ce5fe27b710fad0671

SHA1 hash:

9ad14635da4574ca3b8fa07200bd87b82c9a7765

Link:

https://www.unpac.me/results/00c879de-9c0e-4e72-9051-09c6b6422905/

SH256 hash:

75d57fc706f1a1ba12df2829824fde3a3d2a2828c66b5b0294b0b8cc0d61c6ff

MD5 hash:

757f4930126446ad5cdda762b7edfa49

SHA1 hash:

89f1c55a8e77d54e966a497649c0eb76afd37645

Link:

https://www.unpac.me/results/00c879de-9c0e-4e72-9051-09c6b6422905/

SH256 hash:

e2b5646e959fcf2f6ed994780262e65c16cecbc9d3421ada3239f26130ebe8d1

MD5 hash:

7a13d5b7628956f87cb4f24b3e66ff5d

SHA1 hash:

5a2a3e4a70a7ef67180b6dea2273c9c3ae162f9c

Link:

https://www.unpac.me/results/00c879de-9c0e-4e72-9051-09c6b6422905/

SH256 hash:

4f81e273da20c5b9835ce6ca57cc061d77764f9e3927bdb1505cb791bf50b046

MD5 hash:

29e19b5dce96140a8b90152b16bd44af

SHA1 hash:

4f3dc6eb876bb58f53966980a9c451a04ec17d8a

Link:

https://www.unpac.me/results/00c879de-9c0e-4e72-9051-09c6b6422905/

SH256 hash:

c06d4e3d0205d9bdd4a4b40b8da710d698b3a5d73a1626c9ca058c10b2c6d00c

MD5 hash:

7f67414b3fd29299f2d29ad7c2afb995

SHA1 hash:

2ec40d57c08c47433a6d044d271d74005dddae8d

Link:

https://www.unpac.me/results/00c879de-9c0e-4e72-9051-09c6b6422905/

SH256 hash:

bb8a1b5428e5a4784f5622e4047f4eb13f0d032f0ae0247014c151db9a53bf85

MD5 hash:

6c33980b7960657d97b095cf9a8210d2

SHA1 hash:

2e1cd4a7ccd754e7fd88ccd7fef6ab1291019566

Link:

https://www.unpac.me/results/00c879de-9c0e-4e72-9051-09c6b6422905/

SH256 hash:

49dc26861fffee2f6440e56a10b7086ea305d2f16bb9e27ba3e08b9893557f86

MD5 hash:

e732cd6decfed3503b4020899d5a56f9

SHA1 hash:

024c1bf147c698e92aae340bbee323601d02a787

Link:

https://www.unpac.me/results/00c879de-9c0e-4e72-9051-09c6b6422905/

SH256 hash:

9b88304422980e3e7dac534c9aaf77ea5bce8fdbaaa678aa4ca9622186f35e41

MD5 hash:

04be281fa1df206e6663010a0c324d5e

SHA1 hash:

b8521203c98a90f089062b698d052e5f97f2e202

Link:

https://www.unpac.me/results/00c879de-9c0e-4e72-9051-09c6b6422905/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9b88304422980e3e7dac534c9aaf77ea5bce8fdbaaa678aa4ca9622186f35e41

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 2486f5abec9cec8df1cd60044c839a7a4281725266fa326584aaab4a6ac2db92

exe 9b88304422980e3e7dac534c9aaf77ea5bce8fdbaaa678aa4ca9622186f35e41

(this sample)

Dropped by

MD5 755f30a48de4e77c2e6d581b49be43ab

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 2486f5abec9cec8df1cd60044c839a7a4281725266fa326584aaab4a6ac2db92

Cape

https://www.capesandbox.com/analysis/112389/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample