MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae3ed3cc7495aa7d7b937b933256649573272cfd78dcb7835234f7488d12a3ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae3ed3cc7495aa7d7b937b933256649573272cfd78dcb7835234f7488d12a3ba
SHA3-384 hash: 1c3f30f6a4c5b0e173d5206ee72fba500debca916c180fc6137d92635189f47df3bc27d28a5ab8eac0bc150e1030ffc0
SHA1 hash: d0160ea8538f70dff7b522dc3538b9c613427ebe
MD5 hash: 97ebc5fca7dbb683d2d6f17697552fea
humanhash: river-muppet-beryllium-hotel
File name:NEW ORDER 2021 6742100.exe
Download: download sample
File size:678'400 bytes
First seen:2021-01-06 07:19:09 UTC
Last seen:2021-01-06 08:34:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:gAWe6qebRiC7fJ2vXwiFL1loo/bfBhqLOoijf3sLH8h991XuB:gA4qfCDAXHFZlLbfBmijEUpuB
Threatray 2 similar samples on MalwareBazaar
TLSH 9CE45B5133F18413F89B0265243876CC2D3CB183B6D9E25BAB3775D19345ABAF7A8E12
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: cloud.tihest.org
Sending IP: 50.31.134.128
From: Farhanah Fadzil <milo@huafagroup.com>
Subject: NEW ORDER 2021 // REF: Order:6742100
Attachment: NEW ORDER 2021 6742100.iso (contains "NEW ORDER 2021 6742100.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
NEW ORDER 2021 6742100.exe
Verdict:
No threats detected
Analysis date:
2021-01-05 20:43:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e08f54f0-fb08-4089-bbcd-ece5227506bd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110683/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.jc.14209.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/574857
Signature
.NET source code contains potential unpacker
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ae3ed3cc7495aa7d7b937b933256649573272cfd78dcb7835234f7488d12a3ba/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-05 18:51:09 UTC
AV detection:
8 of 28 (28.57%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vy7nhtduswvh264tpojtevtesvzsolh5pdolpa2sgt3urdisuo5a._file
Verdict:
unknown
Similar samples:
791e9401b2e0910228a5fd4dbac30226ae4ed8c42c54786c9bb7bc5f116886a6
b3748ae0bd6e35d549cc5653bf5427dd2e58f06b19972392c9264adf5916d97d
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210106-v3cx7y92yn/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
ae3ed3cc7495aa7d7b937b933256649573272cfd78dcb7835234f7488d12a3ba
MD5 hash:
97ebc5fca7dbb683d2d6f17697552fea
SHA1 hash:
d0160ea8538f70dff7b522dc3538b9c613427ebe
Link:
https://www.unpac.me/results/94f24336-53bd-4920-bf83-cc7b2aa6f198/
SH256 hash:
64a419709ad219ffc006bda776b650da486d55048d2fa34525f40227da0e5c86
MD5 hash:
88c0ec8398978fa2e4240f02765086ad
SHA1 hash:
5a5c4935b2d70e890c89ad9332365f4f4aa86f3c
Link:
https://www.unpac.me/results/94f24336-53bd-4920-bf83-cc7b2aa6f198/
SH256 hash:
7672353f9198983c56f9c8cc6dd9808dffbe401287c98ae8c9d0a9c7b61f68b8
MD5 hash:
dcb226058e2e5db4096b24af0e8cd772
SHA1 hash:
fb748eb89e04bf3a822ef069073c4db4e0831929
Link:
https://www.unpac.me/results/94f24336-53bd-4920-bf83-cc7b2aa6f198/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ae3ed3cc7495aa7d7b937b933256649573272cfd78dcb7835234f7488d12a3ba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso e1aaecfb4c02acef4fb4761207547913d9c6c3852072216615083a1ad83e32d0

Executable exe ae3ed3cc7495aa7d7b937b933256649573272cfd78dcb7835234f7488d12a3ba

(this sample)

  
Dropped by
MD5 e07898fe7112d95753e7d40244a3d7f8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e1aaecfb4c02acef4fb4761207547913d9c6c3852072216615083a1ad83e32d0
Cape
Cape
https://www.capesandbox.com/analysis/110683/

Comments