MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c80ce609bceb3fb3d9c3432d8d42503644299c1ccf9a1b9d6f82f116948fed8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c80ce609bceb3fb3d9c3432d8d42503644299c1ccf9a1b9d6f82f116948fed8a
SHA3-384 hash: 5cd93b87cb9dbe805c218277da6dcdf19f1ef58535209383b759f67efcd3f8bd9847e36febddb744f8cda882ea94d73a
SHA1 hash: 98823394e667594fbdb336cb4c7a13c434766eae
MD5 hash: 6da083f6d4ddda45cc06b257ea43e6de
humanhash: virginia-texas-emma-lamp
File name:Linter Estonia AS - kliendisoov 00235256-SKBMT-07-22-2020-115-DD5243.exe
Download: download sample
File size:16'384 bytes
First seen:2020-07-22 09:39:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 384:u9Oaxp21r1S/OzHtY72MX5Z4JvdUQLFL/LGLdrD0YIFBvPFzFQ4:u9TxE1reINEX5kvdUUZzSS1PFzFn
Threatray 711 similar samples on MalwareBazaar
TLSH BA728E1183F557ADC9730F3A9C6393100678FB09ECA2E7AF6D44505F2E23A954762BB1
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: correo.atlanticonsultores.com
Sending IP: 82.194.82.36
From: Sabina Delpin <sabina.delpin@jadroagent.hr>
Subject: Linter Estonia AS - kliendisoov: 00235256
Attachment: kliendisoov 00235256.r00 (contains "Linter Estonia AS - kliendisoov 00235256-SKBMT-07-22-2020-115-DD5243.exe")

Unknown payload URL:
http://texniko.gr/S0.jpg

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/31046/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Launching a process
Creating a process with a hidden window
Creating a file
Sending an HTTP GET request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/394867
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c80ce609bceb3fb3d9c3432d8d42503644299c1ccf9a1b9d6f82f116948fed8a/
Threat name:
Win32.Trojan.Masson
Create hunting rule
Status:
Malicious
First seen:
2020-07-22 07:32:34 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zagomcn45m73hwodimwy2qsqgzcctha4z6nbxhlpqlyrnfep5wfa._file
Verdict:
malicious
Similar samples:
1590167d71c9cd4bdacf01d5e56fb3b4315ddaf7ede3dc270de784a7ec12f2dd
55be6c73b00189e473ef23d8693ab34f8eeec82c46ed27ee5b3e88944334aaf9
9fc5b3395c0fea9aec9e7c6bfce346acd3271500c1cc085859c4270f91e30a94
abee98b273f8b2c4530af48e1022c15af3932f99ad4fd011b7c5e529c5ae6434
bc4eb9e6d6e0b8e74778806de3a392800a98eb1460a56f38c523262277af1bac
d7269fff7321b7254a2a6ce7e6fb9b8347d73cb78597d73412b8d21344832e81
e91593299dba4d7f9362c8d64e701413af0384f0f7ecca356ab138497f3a8e4d
f38a6d59735df60c2612686710b66c44a0042b7df2fe97e048fc6e480ce4848c
f8b4f7113aa0d1a2c45da336f44aa6f3aac6ccceb9e1251842fdc086b1f33eef
fbb99e9576db212b02fd60fc214d3cd9faa9f2f019103ea8dc1aec8424bd4ba7
+ 701 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/200722-xea42dqcae/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Drops file in System32 directory
Looks up external IP address via web service
Blacklisted process makes network request
Blacklisted process makes network request
Process spawned unexpected child process
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c80ce609bceb3fb3d9c3432d8d42503644299c1ccf9a1b9d6f82f116948fed8a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

r00 ea2176f35017ad08049f643fe0e24705287f5ddcbd52147fef92296b35943dbb

Executable exe c80ce609bceb3fb3d9c3432d8d42503644299c1ccf9a1b9d6f82f116948fed8a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/417730/
  
Dropped by
MD5 acea15d6e6a4ca97722aab300bc8d4a9
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ea2176f35017ad08049f643fe0e24705287f5ddcbd52147fef92296b35943dbb
Cape
Cape
https://www.capesandbox.com/analysis/31046/

Comments