MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc510d8e52d6e0d1ecd5b7e8640a1cb4ae4aba0543585a0e688763fe9d237d87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc510d8e52d6e0d1ecd5b7e8640a1cb4ae4aba0543585a0e688763fe9d237d87
SHA3-384 hash: d166eac748928e091e3b7b3a4968564887fdfec8e19cd7f5352eb9286195835dd2488110be8dc63667bb1080731bf1bb
SHA1 hash: 0252384e9848609aaada8678af1e97b2a880ee4e
MD5 hash: 445163a2ec63baf8325ac80c34c57fda
humanhash: robin-nuts-berlin-early
File name:File.txt
Download: download sample
File size:177'664 bytes
First seen:2020-08-14 09:04:26 UTC
Last seen:2020-08-14 09:42:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 1536:qNZhjkVIgAOQ2IY+Vt8pTLSLQslvECGHZeksKxROWlZGpVCzk:qNZhYhQa+VipKmCGH8TOjlZGJ
Threatray 9 similar samples on MalwareBazaar
TLSH 340430479A8C6FCFD47753B898A1582083EC7E7F8791E3693D51028E47E7E806FA5A01
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: cottonettuno.it
Sending IP: 95.179.235.245
From: annabella <info@cottonettuno.it>
Subject: TRANSFER EFT PAGO SHIPMENT ELDORADO 354412004
Attachment: PAGO EFT DU ORDER.xls

Unknown payload URLs:
http://lesadh.com/bim/File.txt
https://paste.ee/r/AbJaX
https://paste.ee/r/7aJGE
https://paste.ee/r/ktldd

Intelligence

File Origin
# of uploads :
2
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45681/
Detection(s):
SecuriteInfo.com.Generic.mg.445163a2ec63baf8.6338.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Creating a file in the %temp% directory
Deleting a recently created file
Sending a UDP request
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/429118
Signature
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc510d8e52d6e0d1ecd5b7e8640a1cb4ae4aba0543585a0e688763fe9d237d87/
Threat name:
Win32.Downloader.Starpast
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 02:59:34 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  3/5
Verdict:
malicious
Similar samples:
05416bbd81c741642ed00e05b3cb479e5fa26219dcb2b43dd27d8ccc6ae3d8a2
082df6803ed2728c592fa9d80825e20b594e4a10a5433e1eb553d60a71a3db02
5c019c670f05ca8797454be6c73de265381e5fd9fc7ef921263e3f982c8004a5
69dc322f7861776b6420ab43482f352f745d7a5b0ed3db55c892f9b7479e912d
875806c077ad2a9fc5a2c87fa0837f97c07ac731215428a88784d0bf5a7d6f25
966c1a5412af27dde07c13cbb17b743eec085d16aeac60849af71d376d1452ac
aa025c5073c737b73d42bc9295b7622e9c0b2db8a7bb9f480ba45a76a18259f3
c12927e94316183af8da2f28a16b715ba98a8f33ef846f0290434cf7ef0fdc2b
c4c846dfa5755910d28a93a91ecfea8dcde72860fea03da1a47adf9ce65470a1
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-tkhtdasf1n/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dc510d8e52d6e0d1ecd5b7e8640a1cb4ae4aba0543585a0e688763fe9d237d87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Excel file xls e8421e6b869ba2b085581c597cb44af22fd5b4eaa4127510f26733a4d53fa247

Executable exe dc510d8e52d6e0d1ecd5b7e8640a1cb4ae4aba0543585a0e688763fe9d237d87

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/433005/
  
Dropped by
MD5 e8dea0054ae01ed6ba99d0b282aa4e90
  
Dropped by
SHA256 e8421e6b869ba2b085581c597cb44af22fd5b4eaa4127510f26733a4d53fa247
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/45681/

Comments