MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d988749a819e92dc45ac7a5ca295533cb85a98701cfe921ad43b2920cbebb8dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d988749a819e92dc45ac7a5ca295533cb85a98701cfe921ad43b2920cbebb8dc
SHA3-384 hash: b6996965dbcb3d8c6863e319477dbe316c79c314e4aecf7c98be874599feed3eb3f72d69d5c95818ca97f264abeec969
SHA1 hash: ff37cd497d91eb3ecf9a179f91cbe03a80322132
MD5 hash: 1b383566cc7768b05f9a5754ad3e7bd3
humanhash: video-nebraska-hydrogen-ohio
File name:Payment Receipt.exe
Download: download sample
File size:683'008 bytes
First seen:2021-01-06 07:54:11 UTC
Last seen:2022-04-07 04:38:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:m1NR2qW4HfMG03y5BF4HYUScNHtbYILQCT5BS5nKDXHjmE:m1+qW4EGuScD5LDVBSUDXjm
Threatray 3 similar samples on MalwareBazaar
TLSH 51E45B1133F18413F89B0275243876CC2A7CB183B6D9E25BAB3775D09345ABAF7A4E52
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: paul.o2scoral.fr
Sending IP: 109.234.167.102
From: email@holyland.com.pk
Subject: Payment Receipt-ADP-$62,678.99
Attachment: Payment Receipt.zip (contains "Payment Receipt.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Payment Receipt.exe
Verdict:
No threats detected
Analysis date:
2021-01-06 07:59:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/489788f0-0b68-4aaa-bf0e-461e480ae625

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110699/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/574951
Signature
.NET source code contains potential unpacker
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d988749a819e92dc45ac7a5ca295533cb85a98701cfe921ad43b2920cbebb8dc/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-06 07:55:06 UTC
AV detection:
7 of 46 (15.22%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3gehjgubt2jnyrnmpjokffkths4fvgdqdt7jegwuhmusbs7lxdoa._file
Verdict:
unknown
Similar samples:
791e9401b2e0910228a5fd4dbac30226ae4ed8c42c54786c9bb7bc5f116886a6
ae3ed3cc7495aa7d7b937b933256649573272cfd78dcb7835234f7488d12a3ba
b3748ae0bd6e35d549cc5653bf5427dd2e58f06b19972392c9264adf5916d97d
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210106-814vdf95cs/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
d988749a819e92dc45ac7a5ca295533cb85a98701cfe921ad43b2920cbebb8dc
MD5 hash:
1b383566cc7768b05f9a5754ad3e7bd3
SHA1 hash:
ff37cd497d91eb3ecf9a179f91cbe03a80322132
Link:
https://www.unpac.me/results/0400fee0-509c-4f32-9dda-4c0a46eb2bc8/
SH256 hash:
dc65c11ad89c961254d1c7c47f820f295076268558b7b6437c9ef14232b69732
MD5 hash:
ab872b56e4a6c57afa91dd225a74b8da
SHA1 hash:
2f61d1c484014fd709871f299bdcdc264249b1df
Link:
https://www.unpac.me/results/0400fee0-509c-4f32-9dda-4c0a46eb2bc8/
SH256 hash:
64a419709ad219ffc006bda776b650da486d55048d2fa34525f40227da0e5c86
MD5 hash:
88c0ec8398978fa2e4240f02765086ad
SHA1 hash:
5a5c4935b2d70e890c89ad9332365f4f4aa86f3c
Link:
https://www.unpac.me/results/0400fee0-509c-4f32-9dda-4c0a46eb2bc8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.68
Link:
https://yomi.yoroi.company/submissions/d988749a819e92dc45ac7a5ca295533cb85a98701cfe921ad43b2920cbebb8dc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip c8d8b4cadfcf2253ff55b87b9656b473d6c53b4c06ecc56a2ce57195d1f625ae

Executable exe d988749a819e92dc45ac7a5ca295533cb85a98701cfe921ad43b2920cbebb8dc

(this sample)

  
Dropped by
MD5 644abebcf3545c8efa6925564d779ba4
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/110699/
  
Dropped by
SHA256 c8d8b4cadfcf2253ff55b87b9656b473d6c53b4c06ecc56a2ce57195d1f625ae

Comments