MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c68eae2a2fb14e31a3099eee2c2f7d880653a7ed87ede88c638541854e01d3c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c68eae2a2fb14e31a3099eee2c2f7d880653a7ed87ede88c638541854e01d3c2
SHA3-384 hash: 428ecbc54fcb7fd856b33bb7b07535dcf56fd996e6317929701cd2fb381ddb31529a1a4a35b548d684cec9076ece83d5
SHA1 hash: 5a1093e707ca04d84673576c020d1e24d4d09a24
MD5 hash: d256891b5d30cad15c77ef33b0aae15d
humanhash: crazy-connecticut-bakerloo-london
File name:Credit Details.cmd
Download: download sample
File size:544'768 bytes
First seen:2021-02-23 07:14:37 UTC
Last seen:2021-02-23 08:45:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ce95782f94d8c06a522ef2ce68f3fe9
ssdeep 12288:5JZJpZFS02V46A9jmP/uhu/yMS08CkntxYRo:5JZ7ZFiufmP/UDMS08Ckn3V
Threatray 4'839 similar samples on MalwareBazaar
TLSH 3AC48D17EB10F10AE452C8B02965929B67397D321280AE03F7C16F5AA6726D7BCF570F
Reporter abuse_ch
Tags:cmd

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/118473/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop16.11011.10092.19889.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Running batch commands
Creating a process with a hidden window
Creating a file
Searching for the window
Deleting a recently created file
Replacing files
Sending a UDP request
Launching a process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/615095
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Yara detected VB_Keylogger_Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c68eae2a2fb14e31a3099eee2c2f7d880653a7ed87ede88c638541854e01d3c2/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 01:14:42 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y2hk4krpwfhddiyjt3xcyl35radfhj7nq7w6rdddqvayktqb2pba._file
Verdict:
malicious
Similar samples:
1de49d29d2f5c485ef935ce6f50176272745d32d258f5996f029f4e78a614af7
25f0420d3551985569fb57497301c7d2f691083d7318d28db5bab2e8a6a0bb85
363755d7a78e52ae1314c7c4a485048269a9680e93bc4cb82098ca6139bfd912
54f76bffd468bfb38aaf0adb0fadbfc9fa3a947b420d002c2206e57c805e6000
5bd645a7783a25d2caa48ee448ad1e47c00ae25e5a7fd9b304ad9422e9e79fd5
6d1939969f1763fa1f69073ed09fa37d443fd3a6739584bf5943ca8e54963023
7576e8a1595d88b7cdb00bb00648c86a60a2e2f7e24442451c528553f467ec04
930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1
b10f38f6a63515c0057b541723f7de935b6b8ee58cb3baca1f5cce7a20813da2
cb23f5a566bfa91b51d3ecd344e3f6025023463532fa4d5edf5d0785814529d7
+ 4'829 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/210223-qzqpwel65n/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Unpacked files
SH256 hash:
c68eae2a2fb14e31a3099eee2c2f7d880653a7ed87ede88c638541854e01d3c2
MD5 hash:
d256891b5d30cad15c77ef33b0aae15d
SHA1 hash:
5a1093e707ca04d84673576c020d1e24d4d09a24
Link:
https://www.unpac.me/results/66867f6e-7650-484c-acaf-1ffb62ecaa46/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.64
Link:
https://yomi.yoroi.company/submissions/c68eae2a2fb14e31a3099eee2c2f7d880653a7ed87ede88c638541854e01d3c2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe c68eae2a2fb14e31a3099eee2c2f7d880653a7ed87ede88c638541854e01d3c2

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/118473/

Comments