MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfd84da3b4eb2d8a6de6e0093a1d7399b92493d1b4499afa4c0e9572029ac1e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cfd84da3b4eb2d8a6de6e0093a1d7399b92493d1b4499afa4c0e9572029ac1e8
SHA3-384 hash: 4e53184a63e50d83d67537cafcdb29b2bba0caf76ddf3474243818826d1a3478e871367e98bcd721fbf4a338d54a1cc6
SHA1 hash: de6866d8e388e1dc130d17cc0ba07fcff403c7b7
MD5 hash: b02ed26d410c2e1ea7f147a7fd59c6aa
humanhash: alabama-pip-fanta-berlin
File name:Scan003883 pdf.exe
Download: download sample
File size:288'728 bytes
First seen:2020-10-19 07:22:10 UTC
Last seen:2020-10-19 08:24:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:GkkmcypcCab6TZKrcPq0ACjS5N0/ch3f5v5sYNq+AUfg:k16Dg5N9hRvpw1
Threatray 24 similar samples on MalwareBazaar
TLSH A554EAAD76CA7C6AE9F5877C1EC4520E28F07393296AF7706ED1E6E48043250178BC5E
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: zimbra58.go4hosting.in
Sending IP: 111.118.184.59
From: stephen@wescomail.us
Subject: New Enquiry - Wescomail Inc USA
Attachment: Scan003883 pdf.rar (contains "Scan003883 pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/72774/
Detection(s):
SecuriteInfo.com.Backdoor.MSIL.drzm.16895.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/494982
Signature
.NET source code references suspicious native API functions
Binary contains a suspicious time stamp
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cfd84da3b4eb2d8a6de6e0093a1d7399b92493d1b4499afa4c0e9572029ac1e8/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-19 04:25:35 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z7me3i5u5mwyu3pg4aetuhlttg4sje6rwrezv6smb2kxeau2yhua._file
Verdict:
unknown
Similar samples:
1e2ced0bf97c8caa6021784418f2edba1d0e618034fa15d83a0e8896e0936993
3369bd562e36836afadcd90369d8a645c4731aff1f7c69221dfa377736b648f8
404f5e208504a3cc7541fffb203db6bd135373f0ae0b9dc88d84e57464539dc5
47882b961548cb3a61fed418fdfb4b714498cb53c3db242f3b6378832a32bb04
4fedda898f576336ee03b6171f90a06d6132b314d37e4ff58e1b0a5b1fdc05dc
5edcb867ea82f70e5c2c8fcf09239b0b5f1f9d7305c6715db9c5f428b47d940f
7c6f9944f020d5349a5657bdee7fb477efd9243135a05b4db9b6a2c19f6fdc27
7fd71eaed1bde9227d0df97ddf9fdde6a21a4ad14840ba9da30847b0ea2136e0
8b6454ee5db17671b4d1d3da3bdc1012eaf6fbd1684b2c85a387d437f1bcbf59
b0ea02a7f014a75cdac99e151ad55106f49e8e4a068bb3df8b5d38c19778c248
+ 14 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201019-ys7958vqge/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
cfd84da3b4eb2d8a6de6e0093a1d7399b92493d1b4499afa4c0e9572029ac1e8
MD5 hash:
b02ed26d410c2e1ea7f147a7fd59c6aa
SHA1 hash:
de6866d8e388e1dc130d17cc0ba07fcff403c7b7
Link:
https://www.unpac.me/results/824fd680-30e6-41d4-883b-34ab08b0ca80/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cfd84da3b4eb2d8a6de6e0093a1d7399b92493d1b4499afa4c0e9572029ac1e8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar fe48d46623a9acfb1bcc9828ceafbf463624a3acc2140f8015169e48f5749f50

Executable exe cfd84da3b4eb2d8a6de6e0093a1d7399b92493d1b4499afa4c0e9572029ac1e8

(this sample)

  
Dropped by
MD5 64b0ed131d43f14cee1c08cf8bb39ac8
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/72774/
  
Dropped by
SHA256 fe48d46623a9acfb1bcc9828ceafbf463624a3acc2140f8015169e48f5749f50

Comments