MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf4c790ed75074b826071aa764c692ca84b78159759909fdfff5cf4ac4672c20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3

SHA256 hash: bf4c790ed75074b826071aa764c692ca84b78159759909fdfff5cf4ac4672c20
SHA3-384 hash: f7f77a56b16f6b3602f7cd2806fdf5fab8f2f71e5b67210b176737fe1edc2d641ee5bbdf513af7b65ee0adcc8b6b4f00
SHA1 hash: 5eaa0db1a2ef581e67650d8623e77575dc645f2a
MD5 hash: 1a5da2e3247ca47377572ff8fc940388
humanhash: south-iowa-whiskey-cardinal
File name: Eko_Boleto_cobrancas.msi
File size: 10'853'888 bytes
First seen: 2020-10-16 13:45:56 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 196608:AmpRwfUHh3EZlNwrmG69oomPqWmuQRwXz3ySESliifBSuJQqJ096ejFYVDkN:AUCffZlNwrSooGqWm8Xz3r9fECQqJ093
TLSH: 37B6232275CBC13BD57D4670297EDB5F40693E244BB188EB63C85E3E58B28D21232F66
Reporter: JAMESWT_WT
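Before analysing a downloaded copy, confirm it is the file this entry describes rather than a different upload or a corrupted transfer. The script below is an added example (not MalwareBazaar's code) that recomputes the four hashes listed above with Python's hashlib, compares them to the entry, and also checks the file size and the OLE Compound File magic that every MSI starts with. The hash and size constants are copied from the entry; the OLE magic is the public CFB header value. MalwareBazaar serves samples inside a password-protected ZIP (password "infected"), so point the script at the extracted .msi, not the archive.

```python
import hashlib

# Hashes and size as listed in the MalwareBazaar entry above (copied, not computed here).
ENTRY_HASHES = {
    "sha256": "bf4c790ed75074b826071aa764c692ca84b78159759909fdfff5cf4ac4672c20",
    "sha3_384": "f7f77a56b16f6b3602f7cd2806fdf5fab8f2f71e5b67210b176737fe1edc2d641ee5bbdf513af7b65ee0adcc8b6b4f00",
    "sha1": "5eaa0db1a2ef581e67650d8623e77575dc645f2a",
    "md5": "1a5da2e3247ca47377572ff8fc940388",
}
ENTRY_SIZE = 10_853_888

# An MSI is an OLE Compound File (CFB); this is the documented 8-byte header signature.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def compute_hashes(data: bytes) -> dict:
    """Return the same four digests the entry lists, as lowercase hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def looks_like_ole(data: bytes) -> bool:
    """True if the blob starts with the CFB signature an MSI must carry."""
    return data[:8] == OLE_MAGIC


def verify_sample(data: bytes, expected: dict = ENTRY_HASHES, expected_size: int = ENTRY_SIZE) -> dict:
    """Compare a blob against the entry. Any False means this is not the file the entry
    describes (or the download is truncated/corrupt) and analysis notes should not cite it."""
    actual = compute_hashes(data)
    result = {name: actual[name] == expected[name].lower() for name in expected}
    result["size"] = len(data) == expected_size
    result["ole_magic"] = looks_like_ole(data)
    return result


def verify_file(path: str) -> dict:
    """Read the extracted sample from disk and run all checks on it."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read())


if __name__ == "__main__":
    import sys

    checks = verify_file(sys.argv[1])
    for name, ok in checks.items():
        print(f"{name:9} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all(checks.values()) else 1)
```

Run it as `python verify_sample.py Eko_Boleto_cobrancas.msi`; a non-zero exit means at least one check failed. The four hash comparisons are deliberately independent: a file that matches SHA256 but not MD5 is almost certainly a copy-paste error in one of the expected values, not a collision, and the output makes that visible.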

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Numando
Status: Malicious
First seen: 2020-10-16 13:37:16 UTC
File Type: Binary (Archive)
Extracted files: 98
AV detection: 14 of 29 (48.28%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: evasion trojan persistence spyware
Behaviour
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Drops file in Windows directory
Modifies service
Adds Run key to start application
Checks whether UAC is enabled
Enumerates connected drives
JavaScript code in executable
Checks BIOS information in registry
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.
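Three of the behaviours above (SCSI registry keys, BIOS information in the registry, VirtualBox via ACPI registry values) are sandbox-evasion checks: the sample reads hardware-related registry data and looks for hypervisor strings. If your own VirtualBox analysis guest returns those strings, the payload may simply not run and you will observe only the installer stage. The script below is an added example (mine, not part of the entry and not the sample's code) that lists the HKLM locations such checks commonly read and flags any whose data contains a hypervisor marker. The exact key paths and the marker list are assumptions taken from published anti-VM techniques; the entry itself only says that ACPI, SCSI and BIOS keys are checked. SAMPLE_OBSERVATIONS is constructed to look like a stock VirtualBox guest; collect_windows_observations reads a real host through winreg and therefore only works on Windows.

```python
import re
import sys

# HKLM locations commonly read by anti-VM checks of this kind. Assumed from public
# anti-VM techniques, not taken from the sample. A value name of None means
# "enumerate the subkey names" (e.g. the ACPI table names under DSDT).
VM_REGISTRY_CHECKS = [
    (r"HARDWARE\ACPI\DSDT", None),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"SYSTEM\CurrentControlSet\Services\Disk\Enum", "0"),
    (r"SYSTEM\CurrentControlSet\Enum\SCSI", None),
]

# Hypervisor markers. Kept to vendor/product strings that do not occur on ordinary
# hardware; broader words such as "oracle" are left out to avoid false positives.
VM_MARKERS = re.compile(r"vbox|virtualbox|innotek|vmware|qemu|xen|bochs", re.I)


def find_vm_markers(observations):
    """observations: iterable of (key_path, value_name_or_None, data) as read from a host.
    Returns the subset whose data contains a hypervisor marker, i.e. what a sample
    performing these registry checks would 'see'. REG_MULTI_SZ data arrives as a list."""
    hits = []
    for key, name, data in observations:
        if isinstance(data, (list, tuple)):
            data = " ".join(str(d) for d in data)
        if VM_MARKERS.search(str(data)):
            hits.append((key, name, str(data)))
    return hits


def collect_windows_observations():
    """Windows-only collector: reads every location in VM_REGISTRY_CHECKS under HKLM."""
    import winreg  # imported here so the module still loads on non-Windows hosts

    observations = []
    for key, name in VM_REGISTRY_CHECKS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                if name is None:
                    index = 0
                    while True:  # EnumKey raises OSError once the subkeys are exhausted
                        try:
                            observations.append((key, None, winreg.EnumKey(handle, index)))
                            index += 1
                        except OSError:
                            break
                else:
                    data, _type = winreg.QueryValueEx(handle, name)
                    observations.append((key, name, data))
        except OSError:
            continue  # key or value absent on this host; nothing for the sample to read
    return observations


# Constructed to resemble what a default VirtualBox guest exposes; not captured from a
# real host and not from the analysed sample. The last entry is a clean control value.
SAMPLE_OBSERVATIONS = [
    (r"HARDWARE\ACPI\DSDT", None, "VBOX__"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer", "innotek GmbH"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName", "VirtualBox"),
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion", ["VBOX   - 1"]),
    (r"SYSTEM\CurrentControlSet\Services\Disk\Enum", "0",
     r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1a1b2c3d&0&0.0.0"),
    (r"SYSTEM\CurrentControlSet\Enum\SCSI", None, "CdRom&Ven_VBOX&Prod_CD-ROM"),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion", "Dell Inc."),
]


if __name__ == "__main__":
    obs = collect_windows_observations() if sys.platform == "win32" else SAMPLE_OBSERVATIONS
    for key, name, data in find_vm_markers(obs):
        print(f"HKLM\\{key} [{name or 'subkey'}] -> {data}")
```

Every line printed is a registry artefact the sample can use to decide it is being analysed. Run on the guest before detonation; an empty result does not prove the VM is undetectable (these checks are only the registry part of the evasion tags listed above), but a non-empty one explains a run that ends without the spyware behaviour ever appearing.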

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments