MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f0fde66227b7ebbf3aba0e185f78a815acd6b888a30ec67ba7cfe934e85f1fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f0fde66227b7ebbf3aba0e185f78a815acd6b888a30ec67ba7cfe934e85f1fd
SHA3-384 hash: c2c1f248303e70106192abbcdbe1831ea5e4abb9cfd2b32ee3dd8e48cd3e1298802f389fd36f22f60763c2381fcd3f58
SHA1 hash: eb079d89d237b44151c735010dd41462a0effd92
MD5 hash: 1419b3d16ce22151e749b61530bd05e5
humanhash: purple-hydrogen-finch-juliet
File name:1Qyil1JwAcj1DdL.exe
Download: download sample
File size:848'384 bytes
First seen:2020-12-08 08:08:26 UTC
Last seen:2020-12-08 09:31:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'476 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:NkP02stW+sjO1WUlo7hkp0AxORzNjNos+9MG+6huNI4XW6kLPV4iNcIUx:NSYWUu7hk1xORzNNaMv6huNpWC
Threatray 17 similar samples on MalwareBazaar
TLSH 7405AE349FB8153AF57BAB3C86A02446A7AE77D37703CD6D59B602C90723A42C9C163D
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: irest.pt
Sending IP: 51.210.39.162
From: Account Payable <no-reply@saasmonks.in>
Subject: Test smtp delivery
Attachment: PAYMENT SWIFT COPY.rar (contains "1Qyil1JwAcj1DdL.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107205/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.cc.19224.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/557747
Signature
.NET source code contains very large strings
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f0fde66227b7ebbf3aba0e185f78a815acd6b888a30ec67ba7cfe934e85f1fd/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 08:09:07 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t4h54zrcpn7lx45ludqyl54kqfnm224iriyoyz52pt7jgtuf6h6q._file
Verdict:
unknown
Similar samples:
0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011
1989b7078501dfe26669ba2af737ed8dba616acb527193e3c64eaf3a1942c5b8
372d44cc54918eeb7143b31e1619dae60ed601d4d25d7af53a7daef9e5cb4799
4504cb7fa8692435e6fdbf45891b15cc9e3644fe04995ccba0c98368f42afb0a
5df2f562749ce15ad7236e5ddf98ca6d8345c6edb40d7d9b7363b3dac26c4a83
6fa5193499b368d6d8019e1d0911bfd896de0e79250f6b1bf9f371c7f213f12f
cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a
d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d
dcb39be80203e5de62b87f99b5fe21eb25556d58c9d654156850995e86f1f4ba
de10e041ff3250edccbe8a5edee50e9812620a3fff80de82545f018ad24cca0b
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201208-yl8j63zpcn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
9f0fde66227b7ebbf3aba0e185f78a815acd6b888a30ec67ba7cfe934e85f1fd
MD5 hash:
1419b3d16ce22151e749b61530bd05e5
SHA1 hash:
eb079d89d237b44151c735010dd41462a0effd92
Link:
https://www.unpac.me/results/a6d3dfc9-116e-435b-b4b0-97fdd6dfa2db/
SH256 hash:
9584f6d01e6452371cc9b4828030a13045d99c243c497b63628828e66aabe26f
MD5 hash:
7476e403eef14ac403c63c7279831780
SHA1 hash:
8387f558e30dc115987ac2b5c174a41302471abf
Link:
https://www.unpac.me/results/a6d3dfc9-116e-435b-b4b0-97fdd6dfa2db/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/9f0fde66227b7ebbf3aba0e185f78a815acd6b888a30ec67ba7cfe934e85f1fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 02e8b7b5a9e8e53ed4b72885147b6ccd56e2d2657c2ae400b5418222a6f0b725

Executable exe 9f0fde66227b7ebbf3aba0e185f78a815acd6b888a30ec67ba7cfe934e85f1fd

(this sample)

  
Dropped by
MD5 1bf53e9f73fbdca3b7319017054d83f5
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/107205/
  
Dropped by
SHA256 02e8b7b5a9e8e53ed4b72885147b6ccd56e2d2657c2ae400b5418222a6f0b725

Comments