MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b658c47b2d03bc174f5c4b836fdd467447a51a2c7ec1079d5d7ecb297233e4ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b658c47b2d03bc174f5c4b836fdd467447a51a2c7ec1079d5d7ecb297233e4ab
SHA3-384 hash: 06f133606519dc48f5a823dc11af12ce7c33ad9795d8575a0fa47c28850aa96087e83cb8acd15cca313f946661c7e709
SHA1 hash: 15ce20bb5c304030d5af9f29c7c424d924234ec1
MD5 hash: 951bf2efafb8de354392f7ccb09b2696
humanhash: steak-hawaii-washington-south
File name:PDF.exe
Download: download sample
File size:54'656 bytes
First seen:2020-10-13 10:40:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 1536:qg+Jlsu2yeYeAeYeaeYeAeYeEeYeAeYeXeYeAeYeEeYeAeYeEeYeAeYedeYeAeY8:qgusu/eYeAeYeaeYeAeYeEeYeAeYeXeu
Threatray 4 similar samples on MalwareBazaar
TLSH B933CE15134EDEF6DAF21B3C56D7C19095F06CA3E429E1BA0ECA68DCB5B6208A317C71
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: smtpbg604.qq.com
Sending IP: 59.36.128.82
From: sales01@jcyelectronics.com
Reply-To: sales01jcyelectronics@gmail.com
Subject: Request For Quotation
Attachment: PDF.zip (contains "PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70393/
Detection(s):
SecuriteInfo.com.Generic.mg.951bf2efafb8de35.32151.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/489542
Signature
A
b
c
d
e
f
i
l
M
n
o
r
S
t
u
V
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 297219 Sample: PDF.exe Startdate: 13/10/2020 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 PDF.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b658c47b2d03bc174f5c4b836fdd467447a51a2c7ec1079d5d7ecb297233e4ab/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Suspicious
First seen:
2020-10-13 07:10:54 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wzmmi6znao6bot24jobw7xkgord2kgrmp3aqphk5p3fss4rt4svq._file
Verdict:
unknown
Similar samples:
13229c9c14567138633feaea0855b413eef1d17a5660932d9a7cdf961dadc55c
47882b961548cb3a61fed418fdfb4b714498cb53c3db242f3b6378832a32bb04
88e157995a6f79f670bad1611fdba6514152bb1f2682e0dbc28c3e9291b8c221
ee41bffec9b30b0e5e1ee01e07482c92ea0f0663734833e3ac76de4e6388f025
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-cra72der5e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
b658c47b2d03bc174f5c4b836fdd467447a51a2c7ec1079d5d7ecb297233e4ab
MD5 hash:
951bf2efafb8de354392f7ccb09b2696
SHA1 hash:
15ce20bb5c304030d5af9f29c7c424d924234ec1
Link:
https://www.unpac.me/results/5b1f607f-9006-4d50-9ab1-44f50cae3685/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b658c47b2d03bc174f5c4b836fdd467447a51a2c7ec1079d5d7ecb297233e4ab

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 72171c324ab0c959748e3524cb5a8d0089a32484c33a6ccf8a6a6acc426c2865

Executable exe b658c47b2d03bc174f5c4b836fdd467447a51a2c7ec1079d5d7ecb297233e4ab

(this sample)

  
Dropped by
MD5 3281bb068fa8e7de4e15a9a7027952c4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 72171c324ab0c959748e3524cb5a8d0089a32484c33a6ccf8a6a6acc426c2865
Cape
Cape
https://www.capesandbox.com/analysis/70393/

Comments