MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8006ee0146630c8c78a6fdc12fb7c1bef5508296cbcd8790aa88bf960cb5276. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8006ee0146630c8c78a6fdc12fb7c1bef5508296cbcd8790aa88bf960cb5276
SHA3-384 hash: 2e296c88abf7d371f9b053659b31aafb7d061ee367da464ebf824bb12957b5d6e47ed0410322a766bd37b08212b59e45
SHA1 hash: d6660f8de0108fd1840145bce3d902df8703f8c4
MD5 hash: 4888b391de53f4d39e6ce9d0ee87f1a8
humanhash: romeo-kentucky-vegan-hotel
File name:1 Proforma Invoice INV7634543.PDF.exe
Download: download sample
File size:1'223'680 bytes
First seen:2020-06-17 05:33:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash afcdf79be1557326c854b6e20cb900a7 (1'102 x FormBook, 936 x AgentTesla, 399 x RemcosRAT)
ssdeep 24576:sAHnh+eWsN3skA4RV1Hom2KXMmHadU3SDMMw2v10sxla5:Lh+ZkldoPK8YadUsMMw2N0sxi
Threatray 1'069 similar samples on MalwareBazaar
TLSH AE45BD0273D2C036FFAB92739B6AF24156BD79254123852F13981DB9BD701B2273E663
Reporter jarumlus

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19029/
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Knockex
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 09:34:23 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xaag5yaumyymrr4kn7obf634dpxvkcbjns6nq6ikvcf7syglkj3a._file
Verdict:
unknown
Similar samples:
06d6ece1fa6b728d5b5f538d740a60626e99cbbe6df5bd5a5c3f2a8923b0fd98
15d88e59e80b15ed7b24ffd1a496ff718b76a6a7d06cc2be0d1f91e460871c12
1cc899a5fc4a3e7fe1c9d1265b60a4faf51bc1df3e4b25c088979755410fa954
1e2fbd7c74b38c43c9ef42fa5d48b8ad50122d2be85ff927de0080d331cb9369
3fb510b7526dc753632045edaf094073c45f74fefdc08b5c2fbb9f8e7ac483c4
6083d7084795ed9d60be324c610dbfab644a3e25c982755a93071e23db11198a
793f375be5ed01b66b47d24ca49594af11ddcd125f3fb41ca77cae45632eba52
7cdf1294eb40f2a207f55cbb1a68761135500f64bb077a7f4ba9a7d3098850f1
c0e957bd685417a90c9a53b926e2492a627b247357648d2a3857c6ce61630e20
f13513c8b2e9f663d86a33c0d86179aa25ae600b1fac25b79b7767b99be9b177
+ 1'059 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-56eyz2rcre/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

z 43028aa51f299624dd536ee5c45275716ab8b38ccc8b61d0cc108d408f23207f

Executable exe b8006ee0146630c8c78a6fdc12fb7c1bef5508296cbcd8790aa88bf960cb5276

(this sample)

  
Dropped by
MD5 e3844d5c8e156344833ccc05cac10a94
  
Dropped by
SHA256 43028aa51f299624dd536ee5c45275716ab8b38ccc8b61d0cc108d408f23207f
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/19029/

Comments