MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c87cfe9605826172cb670657e9c1dc9a58b8a48732d9266fbf999189dbba675a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c87cfe9605826172cb670657e9c1dc9a58b8a48732d9266fbf999189dbba675a
SHA3-384 hash: 40bccea2f45b82a10571159e5a38ecbb3a740f4f8f39a1376797beac1b9b24590409f555bfe17b8bb8b2fbaf3bf130ba
SHA1 hash: 1d23470fa551f2551e5ef8adf5b395dd9c556d7f
MD5 hash: dd6532893717839c531d3a6f7041b58a
humanhash: fix-moon-idaho-illinois
File name:PO14162 LP51577 GOLDEN LILY Import and Export.exe
Download: download sample
File size:307'000 bytes
First seen:2020-10-15 17:21:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'743 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 3072:OzyaEoxDiNIIjLXSXkVmMZtKboXgsBZ40+rMNu/:09Z7kXV2E7wdIu/
Threatray 14 similar samples on MalwareBazaar
TLSH B664B38DBB014954EB3C5A3C177FE8702763EEAB6DE0915838893B6332BB1A5701C756
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: renewsemaillist.info
Sending IP: 106.75.174.16
From: Herwig DEJONGHE <sales@renewsemaillist.info>
Subject: 72878 new order
Attachment: PO FW37.zip (contains "PO14162 LP51577 GOLDEN LILY Import and Export.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71550/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a UDP request
Creating a window
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/492871
Signature
Connects to a pastebin service (likely for C&C)
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c87cfe9605826172cb670657e9c1dc9a58b8a48732d9266fbf999189dbba675a/
Threat name:
ByteCode-MSIL.Backdoor.Wacatac
Create hunting rule
Status:
Suspicious
First seen:
2020-10-15 16:25:52 UTC
AV detection:
27 of 47 (57.45%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zb6p5fqfqjqxfs3hazl6tqo4tjmlrjehglmsm357tgiytw52m5na._file
Verdict:
unknown
Similar samples:
00ef71f861b6fc1bc29bac8cc0f9f32d70e70407c2fba4931737409af8d7bd85
22221b72f894bb076ead64d8e6c09daf40692586a2b9f3409d91ae72c0a001ee
28c3b9d9bba2222f68a077032220c1a9e354de722f0945bc33a8f7176a1e1377
41531a4d93d18f13b178a68669236f58a568e4db294f8205c03033761b2628e9
43a7ba762644200b700f32c305008d3b712059cdd25bc0aec03e37a46dcf2677
7c6f9944f020d5349a5657bdee7fb477efd9243135a05b4db9b6a2c19f6fdc27
86b0b53349b935048562758a34e08ae6190c67fa522e8742f60702b334625d36
a21f8b25beb919b6e0bdda1ba672e9c2ed15af1afe16dc241e94d2116ef51b75
a3c3aa8e82fc5f7076ba0ed54f33d9ac77c4e375389de23a592a8055d1c2dc22
d3f6b0b7336fee85292bc3b1f5634f113b561b9c5205f1ac319949628ba281ba
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201015-8hwalxpv5a/
Behaviour
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
c87cfe9605826172cb670657e9c1dc9a58b8a48732d9266fbf999189dbba675a
MD5 hash:
dd6532893717839c531d3a6f7041b58a
SHA1 hash:
1d23470fa551f2551e5ef8adf5b395dd9c556d7f
Link:
https://www.unpac.me/results/f3c0532b-242f-4be1-ab3f-5e0ce0c189ef/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c87cfe9605826172cb670657e9c1dc9a58b8a48732d9266fbf999189dbba675a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip f73857dfb136a0b1227c751f9117a00504c9267666f085ecc0960ba69e5e672d

Executable exe c87cfe9605826172cb670657e9c1dc9a58b8a48732d9266fbf999189dbba675a

(this sample)

  
Dropped by
MD5 bf52edc287ccf40f2b001100abfedd39
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/71550/
  
Dropped by
SHA256 f73857dfb136a0b1227c751f9117a00504c9267666f085ecc0960ba69e5e672d

Comments