MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be668820f01ddc624a59e45556ee918ac38991b437c675d4c67be6cdcfc23553. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be668820f01ddc624a59e45556ee918ac38991b437c675d4c67be6cdcfc23553
SHA3-384 hash: bc3e38c7d60fc5bb1ac5aafbeab1bdbf2faa7bb7a3530eb6359e07d9159cf16b72c9596242c31557c09f157b129c20cc
SHA1 hash: ee5b214e4266dc90bdaaa3f7f62f6883cdb0bcdb
MD5 hash: 87fe008bc303d081292126557f63d23e
humanhash: cat-alabama-enemy-yellow
File name:Descrição da oferta do produto 873564635640rden2020.exe
Download: download sample
File size:108'248 bytes
First seen:2020-10-14 14:31:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 1536:q3zqPokgjgPDtDx4kHncMERv01w4lW21mNz4ch691YKcl26/lSntlgnKdUl5mG05:UePoQH+OEY
Threatray 9 similar samples on MalwareBazaar
TLSH F2B3EB46AA00D461DD3957B0E46B8CF081E7BD77E875F05F2E8D7EA832F32D2062A509
Reporter abuse_ch
Tags:exe geo PRT


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: h22.megalink.com
Sending IP: 200.75.160.22
From: geral@cm-arruda.pt
Subject: Cotação de preço
Attachment: Descrição da oferta do produto 873564635640rden2020.arj (contains "Descrição da oferta do produto 873564635640rden2020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70798/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/491070
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/be668820f01ddc624a59e45556ee918ac38991b437c675d4c67be6cdcfc23553/
Threat name:
ByteCode-MSIL.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 11:48:53 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xztiqihqdxogessz4rkvn3urrlbytenug7dhlvggpptm3t6cgvjq._file
Verdict:
unknown
Similar samples:
01272f17eba824214acfce5be4a4408023d7ba710488da14f8296eea90a3a3fd
13229c9c14567138633feaea0855b413eef1d17a5660932d9a7cdf961dadc55c
1e2ced0bf97c8caa6021784418f2edba1d0e618034fa15d83a0e8896e0936993
4a09bedcd448deaaaff205dabbc19a34f5b47a9714ac85a5a827c0aabeb2db7f
79402b00f9e23e5dbb45fc15a079b9308a0a890c7955d0e71e5d5489d9cdaca5
7c6f9944f020d5349a5657bdee7fb477efd9243135a05b4db9b6a2c19f6fdc27
80672dc10b55aaea12c39cb39fdc3cbe4a10d54b4ca9e6134ad455f60aafa0e4
d55bd71d4425756d7412d97dd2e0c53203ba40fae381c980322aee5682acc79c
db2fcaac7f3c3baa61adb321337865f20b72966079acde4295c6e80a2069cfd9
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201014-58n1nkjlv6/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
be668820f01ddc624a59e45556ee918ac38991b437c675d4c67be6cdcfc23553
MD5 hash:
87fe008bc303d081292126557f63d23e
SHA1 hash:
ee5b214e4266dc90bdaaa3f7f62f6883cdb0bcdb
Link:
https://www.unpac.me/results/dcf47d1a-6cf2-43e1-a970-ca33386cfd45/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dropper
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/be668820f01ddc624a59e45556ee918ac38991b437c675d4c67be6cdcfc23553

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

arj bf7d78ccf498af8f507bd7fd60b0154ca5b1170ba29e84cd42a74ec91069b1d7

Executable exe be668820f01ddc624a59e45556ee918ac38991b437c675d4c67be6cdcfc23553

(this sample)

  
Dropped by
MD5 c09af984c58cd23baf17e6b1fd2cd43f
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70798/
  
Dropped by
SHA256 bf7d78ccf498af8f507bd7fd60b0154ca5b1170ba29e84cd42a74ec91069b1d7

Comments