MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3748ae0bd6e35d549cc5653bf5427dd2e58f06b19972392c9264adf5916d97d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: b3748ae0bd6e35d549cc5653bf5427dd2e58f06b19972392c9264adf5916d97d
SHA3-384 hash: 8b120b6b1da8eab3b8a17817988f144210970b39b27fa95db2f80736a0d4403905b912ce54af4731066f77c5227bb636
SHA1 hash: cb03af951bc89ffda79dc908701c049afe3ad0c3
MD5 hash: c629a7bdcdc0b344be86b2242eb717f5
humanhash: north-monkey-spring-monkey
File name: Paymentcopy001#pdf.exe
File size: 704'000 bytes
First seen: 2021-01-06 07:18:53 UTC
Last seen: 2021-01-06 08:34:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 12288:cAeYaq7Rarxyvs1G8rQp/p+bKhktfXzsJEq+1j3Uc7DqVa1r/c:cA2q7GxyE1G8rQp/Vyt2YFOkc
Threatray: 2 similar samples on MalwareBazaar
TLSH: 2FE45B1133F18413F89B1275242876CC1E7CB083B6D9E25BAB3776D59305ABAF6E8E11
Reporter: abuse_ch
Tags: exe


abuse_ch
Malspam distributing unidentified malware:

HELO: relay2.ncc.co.za
Sending IP: 102.132.9.26
From: Mellins I Style - Bethlehem <bethlehem@mellins.co.za>
Subject: Payment Advice
Attachment: Paymentcopy001pdf.rar (contains "Paymentcopy001#pdf.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 110
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: Paymentcopy001#pdf.exe
Verdict: Suspicious activity
Analysis date: 2021-01-06 07:30:29 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness: (value not captured)
Behaviour:
  Creating a window
  Sending a UDP request
  Launching a process

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 56 / 100
Signature:
  .NET source code contains potential unpacker
  Initial sample is a PE file and has a suspicious name
  Multi AV Scanner detection for submitted file
Behaviour: Behavior Graph (image not included)

Threat name: ByteCode-MSIL.Packed.Generic
Status: Suspicious
First seen: 2021-01-06 07:19:10 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 1/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Suspicious use of WriteProcessMemory
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
Unpacked files:
  SHA256: b3748ae0bd6e35d549cc5653bf5427dd2e58f06b19972392c9264adf5916d97d, MD5: c629a7bdcdc0b344be86b2242eb717f5, SHA1: cb03af951bc89ffda79dc908701c049afe3ad0c3
  SHA256: 867000584032aaa0d7babf25a341dad45c0d35f19265284b31b8ac444880eee3, MD5: 5f05cdd0e757ff2a7f06481af6c302dc, SHA1: 02adb7139978133c8b5d517eba9d1387f9d01244
  SHA256: 64a419709ad219ffc006bda776b650da486d55048d2fa34525f40227da0e5c86, MD5: 88c0ec8398978fa2e4240f02765086ad, SHA1: 5a5c4935b2d70e890c89ad9332365f4f4aa86f3c

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Executable exe b3748ae0bd6e35d549cc5653bf5427dd2e58f06b19972392c9264adf5916d97d (this sample)

Delivery method: Distributed via e-mail attachment

Comments