MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bef454e332e2f3de22ad0612f8bc8ef70eac3809db0af6a2773e2d1d9bfecd3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bef454e332e2f3de22ad0612f8bc8ef70eac3809db0af6a2773e2d1d9bfecd3f
SHA3-384 hash: f7e77fcff27a76f253503dec6db986f51b62d0cb5a39d084175d765ab4eebecc3b314005debbc50efd0555d52c0b73b0
SHA1 hash: 999e28d1395b78df67b8d691ed2892468e50059d
MD5 hash: 390b782d0312360148291f8150239049
humanhash: ack-oranges-black-video
File name:Enq No.BPC-9840117.exe
Download: download sample
File size:1'088'000 bytes
First seen:2021-03-25 10:13:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 24576:ygaiKtX/hqRgh47Vvp1CrEi1cvuTGGBuHNDFMRrIHk9V:yrimX/837lCrvcBGBuHNDuRkH
Threatray 93 similar samples on MalwareBazaar
TLSH CD35EF7E055A6B37E57D83F48DE90003F331A52A3186EA0D5DD257E41BA2753A88FA0F
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ir.uitn.ir
Sending IP: 185.2.13.217
From: Soroosh Borzoo <s.borzoo@ariatajhiz.com>
Subject: Enq No.BPC-9840117 / URGENT
Attachment: Enq No.BPC-9840117.cab (contains "Enq No.BPC-9840117.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Enq No.BPC-9840117.exe
Verdict:
Suspicious activity
Analysis date:
2021-03-25 10:40:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8f038e42-5c17-40d6-8a0e-db5844c50f2a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Dropper-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/653712
Signature
.NET source code contains very large strings
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bef454e332e2f3de22ad0612f8bc8ef70eac3809db0af6a2773e2d1d9bfecd3f/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-03-25 08:42:25 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x32fjyzs4lz54ivnayjprpeo64hkyoaj3mfpnitxhywr3g76zu7q._file
Verdict:
unknown
Similar samples:
0a70b0923bbeabb1a48caaf2a3e37d81def85aeda662746bb782a4de7fecdb4a
2e96f7a6b4dd1d5251af4962a9028aac90c2ceb282495018c2d879ebf583f9ea
48cf95888259138c1d0b910da9c79083f16977df3d32a1708e3a4bd1c9015f5f
708ca97e578a8821640200bb5d9b030487b3159192eeda5aa20875bac0748f7d
a4470807c1518543552911cc3eaf6d9609e545ff44d961f32110166ff1c2b59c
bb574c82a945f3a4e13207edebea5c71f0ac8731745d915a05ca957a6964325d
bfecf1d24ef83e7bc35143c6ef0cc09a0a77902e2fd6ef9f5d5a50d0968c088b
cfbf1e8483cddd75356dedc9630659fca435a94c522c43c9178c1114aa6423b3
eeb6d22ed65252b2e4a70098447a30d34267bac450ceef13ebbf2c896057924c
eee9ef1189886f11287b1db59eb13fba5c5f2b880e9fb744cafe15feed1f57b3
+ 83 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210325-994jgtcfne/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
bef454e332e2f3de22ad0612f8bc8ef70eac3809db0af6a2773e2d1d9bfecd3f
MD5 hash:
390b782d0312360148291f8150239049
SHA1 hash:
999e28d1395b78df67b8d691ed2892468e50059d
Link:
https://www.unpac.me/results/f26078ae-c221-48c8-aec3-2bcbbce6df39/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/bef454e332e2f3de22ad0612f8bc8ef70eac3809db0af6a2773e2d1d9bfecd3f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar df3564437efaa193ce7a7ff870d1888301820dda432dfb5c917c3caa54041508

Executable exe bef454e332e2f3de22ad0612f8bc8ef70eac3809db0af6a2773e2d1d9bfecd3f

(this sample)

  
Dropped by
MD5 86829a39c1f61a02f5589befea5198d2
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 df3564437efaa193ce7a7ff870d1888301820dda432dfb5c917c3caa54041508

Comments