MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd7e8f8ff2db3d253c799414c5c41ef046aecf5790b0b36a2f1eef4763aae16a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 9

SHA256 hash: bd7e8f8ff2db3d253c799414c5c41ef046aecf5790b0b36a2f1eef4763aae16a
SHA3-384 hash: ced0f41e6adbd0d4cb785c3734598e07f055df594542cf7a5a54e78f47ef477a42a355ba7519d2fde706082c12e2db24
SHA1 hash: e24b2e66ffa1e9ef984e75c879fb6d572763d075
MD5 hash: eb6c9bf7937687f0bf84f17babc1f316
humanhash: west-colorado-michigan-tennessee
File name: New Order.exe
File size: 568'320 bytes
First seen: 2023-04-20 03:52:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'638 x Formbook, 12'244 x SnakeKeylogger)
ssdeep: 12288:gRj9oj8+4A2GTde2NO7QMCEp30hZcVWYJ0hx+caGLt3:0ZrA2GRet7Prp30hZcVWR5aGLN
Threatray: 260 similar samples on MalwareBazaar
TLSH: T1BBC402B452D1A75DDC002FBEA600988823F74DB6D0C5DE9DCAA7F88B1DBD3241518FA9
TrID:
  71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
  2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter: Anonymous
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 322
Origin country: CH

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: New Order.exe
Verdict: No threats detected
Analysis date: 2023-04-20 03:53:44 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Behaviour:
  Creating a window
  Launching the default Windows debugger (dwwin.exe)
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 60 / 100
Signature:
  .NET source code contains potential unpacker
  Initial sample is a PE file and has a suspicious name
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
Behaviour:

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Suspicious use of WriteProcessMemory
  Program crash
Unpacked files

SHA256 hash: 5f8d347a651e917dbf97ef3d2f7c81c345b906e93b478d44533c352c12ad3d82
MD5 hash: 2de48b8da16f03c812a5f24e9d886349
SHA1 hash: a50ad03853d1d9db27310a03a46ad9a1ce821e25

SHA256 hash: 40c050c20d957d26b932faf690f9c2933a194aa6607220103ec798f46ac03403
MD5 hash: c768bac25fc6f0551a11310e7caba8d5
SHA1 hash: 95f9195e959fb48277c95d1dd1c97a4edff7cb3a

SHA256 hash: d12abe201a0f34897067c1c35d65270919aa70b87648b2ba2f4cabaaad740012
MD5 hash: c9c02c0a31bf0f6a9801f8ecb77451a3
SHA1 hash: 93dde76a3bc1885a354c248cc5653beebdc2b746

SHA256 hash: bd7e8f8ff2db3d253c799414c5c41ef046aecf5790b0b36a2f1eef4763aae16a
MD5 hash: eb6c9bf7937687f0bf84f17babc1f316
SHA1 hash: e24b2e66ffa1e9ef984e75c879fb6d572763d075

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Dotnet_Hidden_Executables_Detect
Author: Mehmet Ali Kerimoglu (@CYB3RMX)
Description: This rule detects hidden PE file presence.
Reference: https://github.com/CYB3RMX/Qu1cksc0pe

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe bd7e8f8ff2db3d253c799414c5c41ef046aecf5790b0b36a2f1eef4763aae16a (this sample)

Delivery method: Distributed via e-mail attachment
