MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a
SHA3-384 hash: eb6eaf91bf461de144a5063814af4d986e0229a40aaaa534b924ed6171dd27a1ad8d5102b56a52772266a890d0abe20f
SHA1 hash: 29d12f10c2f7aa28e52918f4de053d75a0559c5e
MD5 hash: fd16ab3ac0f901750c1182bce6077ba4
humanhash: maine-football-april-nebraska
File name:Bauer-Order-PO4502257086,xlxs.exe
Download: download sample
File size:881'664 bytes
First seen:2020-12-08 08:10:17 UTC
Last seen:2020-12-08 09:31:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'653 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 12288:IrHhAJcGUvZLdzjs7iYepVbmsWh7gr7E5TRqxk8oJRizeD4iNcIUx:IbhOv8lEeD6smG72RQsoB
Threatray 17 similar samples on MalwareBazaar
TLSH 6D15AE349FA9163AF53BAB3C85E02055ABAE37D37703CD6C55B602C90B23A42D9D163D
Reporter abuse_ch
Tags:exe geo KOR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail-smail-vm53.hanmail.net
Sending IP: 203.133.181.11
From: 소병락 <sbr927@daum.net>
Subject: Bauer: PO4502257086//紧急
Attachment: Bauer-Order-PO4502257086,xlxs.7z (contains "Bauer-Order-PO4502257086,xlxs.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a
Verdict:
No threats detected
Analysis date:
2020-12-08 17:44:32 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6c702b7e-b6bc-4a52-8b69-0e17c5674957

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107210/
Detection(s):
SecuriteInfo.com.Generic.HEUR.QVM03.0.C819.Malware.Gen.7449.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/557734
Signature
.NET source code contains very large strings
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 08:11:09 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zqpmual6nocqru3ydzewfutqo43ibedtmfiybyuwz5o6flgecmfa._file
Verdict:
unknown
Similar samples:
0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011
1989b7078501dfe26669ba2af737ed8dba616acb527193e3c64eaf3a1942c5b8
372d44cc54918eeb7143b31e1619dae60ed601d4d25d7af53a7daef9e5cb4799
4504cb7fa8692435e6fdbf45891b15cc9e3644fe04995ccba0c98368f42afb0a
5df2f562749ce15ad7236e5ddf98ca6d8345c6edb40d7d9b7363b3dac26c4a83
6fa5193499b368d6d8019e1d0911bfd896de0e79250f6b1bf9f371c7f213f12f
9f0fde66227b7ebbf3aba0e185f78a815acd6b888a30ec67ba7cfe934e85f1fd
d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d
dcb39be80203e5de62b87f99b5fe21eb25556d58c9d654156850995e86f1f4ba
de10e041ff3250edccbe8a5edee50e9812620a3fff80de82545f018ad24cca0b
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201208-szk1es67fj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a
MD5 hash:
fd16ab3ac0f901750c1182bce6077ba4
SHA1 hash:
29d12f10c2f7aa28e52918f4de053d75a0559c5e
Link:
https://www.unpac.me/results/4eac4499-dec3-4eb8-8bef-30e0f73ce3cd/
SH256 hash:
9584f6d01e6452371cc9b4828030a13045d99c243c497b63628828e66aabe26f
MD5 hash:
7476e403eef14ac403c63c7279831780
SHA1 hash:
8387f558e30dc115987ac2b5c174a41302471abf
Link:
https://www.unpac.me/results/4eac4499-dec3-4eb8-8bef-30e0f73ce3cd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z bf72852811ce8307612c7547d9a38b1a1d7369a257e4913aec50f5d6a2095e49

Executable exe cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a

(this sample)

  
Dropped by
MD5 381a5417e9c6f31cb4ab7b5ef7d2c5c0
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/107210/
  
Dropped by
SHA256 bf72852811ce8307612c7547d9a38b1a1d7369a257e4913aec50f5d6a2095e49

Comments