MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2435f96048b1f8c2fc923c8a8a93cb34ad5079d81b656cacc1daf70775c2ba8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2435f96048b1f8c2fc923c8a8a93cb34ad5079d81b656cacc1daf70775c2ba8
SHA3-384 hash: 33e299cea1c4adfd91c42a97818fa599dbf9bf5e2cef19da697e7613bb5674efc6b42ad1ff4584915effeee759eeebd9
SHA1 hash: b8018daf4b8e41ee255808d9406f4d688410e3c5
MD5 hash: cf7eac3c8cf37a58ea298729dfcf1658
humanhash: ceiling-march-pennsylvania-oranges
File name:Purchase Order-147000015740.exe
Download: download sample
File size:78'336 bytes
First seen:2021-02-26 07:34:54 UTC
Last seen:2021-02-26 09:56:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 1536:pWDDGiLkwkY2tcxTvBqa87FKRQPSPxtz2QTU2uxAoQf8/KbsG:0Si+YkOLBl8NP49GAoyUa
Threatray 8 similar samples on MalwareBazaar
TLSH 80731A79B22BBE52D3A9953DC2D2CC1453F2CA696303FB1B5FBD10234712B931E4658A
Reporter GovCERT_CH

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Purchase Order-147000015740.exe
Verdict:
Malicious activity
Analysis date:
2021-02-26 13:07:38 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/e7e4d884-b8ef-432d-b060-b2d49c13c0f3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/119357/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45783742.22200.22596.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Sending a UDP request
Sending a custom TCP request
Creating a file in the %temp% directory
Deleting a recently created file
Creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/619473
Signature
Connects to a pastebin service (likely for C&C)
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2435f96048b1f8c2fc923c8a8a93cb34ad5079d81b656cacc1daf70775c2ba8/
Threat name:
ByteCode-MSIL.Downloader.Starpast
Create hunting rule
Status:
Malicious
First seen:
2021-02-25 04:28:26 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wjbv7fqermpyyl6jepekrkj4wnfnkb45qg3fnswmdwxxa524foua._file
Verdict:
suspicious
Similar samples:
12e2fade9c6f17595717385e99c97a448e87bbbb6a7a30ea2c31062983f4c065
2800f779fcf9eb82626c08e19c5c2a46a149a1a0d046ef79c6c9ac1a44c6017e
546b14e45dad5ac436d7c928dc8e325082eacf2bd329a6f21648f37a37fe507d
8d66edd777191f1972fee3bbd11950bca3af608a2e3f3392c4c778a1ab991ec3
95b456ac6be39c237ec2ad22550fc7c19c971cc5d6813b10aa70c51d04a415fd
b78c057366525777ab931d9a4a2962a2df499a6690aae1f3e215097d5adbb458
e95d8b2d7c80f9b47d7c3fb368256962c357404e85f45701a473b6354ca18133
f6f59d39a6bfeb7e23f3340db9812c67c32ceafaf2bed99f92973a8c07c4c174
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210226-wvs5ab98yj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
b2435f96048b1f8c2fc923c8a8a93cb34ad5079d81b656cacc1daf70775c2ba8
MD5 hash:
cf7eac3c8cf37a58ea298729dfcf1658
SHA1 hash:
b8018daf4b8e41ee255808d9406f4d688410e3c5
Link:
https://www.unpac.me/results/24d37772-62b5-45b7-9494-b89cf6fecd98/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

aad1dd3f42fc899e12ee6c4a16f2a29d2a4b039dae97ac6a730974e86933126d

Executable exe b2435f96048b1f8c2fc923c8a8a93cb34ad5079d81b656cacc1daf70775c2ba8

(this sample)

  
Dropped by
MD5 fe3c4f6bacce3bfd4d815159637d79f7
  
Dropped by
SHA256 aad1dd3f42fc899e12ee6c4a16f2a29d2a4b039dae97ac6a730974e86933126d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/119357/

Comments