MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d322d619b77d7e1734dedd8f7f00c815fad6a59621ed9021be4a7866123c33a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Anyplace


Vendor detections: 4



SHA256 hash: d322d619b77d7e1734dedd8f7f00c815fad6a59621ed9021be4a7866123c33a4
SHA3-384 hash: b32fcef82d2db9645379a55110d0be46008c6192efb3ef7ee32514add4d35f8403403f4f0536654ea8d160ddb53d4e59
SHA1 hash: 7ca4189256a818c7c33d3ffe5a64ac59127419db
MD5 hash: 7f5b49523f36db9d69d8d6f982d64356
humanhash: nitrogen-bravo-illinois-georgia
File name: lpa00714845747_entSignedv10048885pdf.exe
Signature Anyplace
File size: 925'066 bytes
First seen: 2020-06-06 09:26:44 UTC
Last seen: 2020-06-06 10:46:21 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 027ea80e8125c6dda271246922d4c3b0 (10 x njrat, 7 x DCRat, 5 x DarkComet)
ssdeep 12288:5hxp3lZnT9bDNkdAAcF3G3Ter4LQ54GczlAt4xjP8Obufd0lbAHfmRRodWOdJrME:5Jlh9bDN+ApFWDeraGcm6bBu/+MPnMm1
Threatray 262 similar samples on MalwareBazaar
TLSH 4815CFE1B780C471D4B35639983A9B63A837B51D8D68890D3AC5BF1F7D723424027EAB
Reporter abuse_ch
Tags: Anyplace exe


abuse_ch
Malspam distributing Anyplace:

HELO: srv03.infranetdns.com
Sending IP: 104.156.62.105
From: no-reply-invoice@es.epayworldwide.com
Reply-To: no-reply-invoice@epayworldwide.com, no-reply-invoice@es.epayworldwide.com
Subject: Tu factura de epay
Attachment: lpa00714845747_entSignedv10048885pdf.rar (contains "lpa00714845747_entSignedv10048885pdf.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AnyplaceControl
Status: Malicious
First seen: 2020-06-06 09:28:08 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: bootkit persistence
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Drops file in Program Files directory
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Checks BIOS information in registry
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Anyplace

Executable exe d322d619b77d7e1734dedd8f7f00c815fad6a59621ed9021be4a7866123c33a4

(this sample)

Delivery method: Distributed via e-mail attachment
