MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd900ac5b1cf790395caf7e5f5a773b0abae32e9e9314b5cb943b261e18e2b92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd900ac5b1cf790395caf7e5f5a773b0abae32e9e9314b5cb943b261e18e2b92
SHA3-384 hash: 1a9a899fcc4c426c40791e0ee2dcc553022a0daa969ea1623199e405b52970f2e03997e442108ea753d1663687f5830d
SHA1 hash: db2b6ed978d4e642762b396831ba1ec1aa6cf047
MD5 hash: 1e4cd2aa2fc3e497c61cdf3622872de0
humanhash: massachusetts-tennis-bakerloo-zulu
File name:ACCOUNT#098000.exe
Download: download sample
File size:869'376 bytes
First seen:2020-08-14 11:19:32 UTC
Last seen:2020-08-14 12:10:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:UUGBsqGcwEZAaK8S2z5WEAPJWsRhJEIo5pTjeO3tei1TfWj9s2GYZPgmM0E:nXcxjTMEAPAqiIojTqOdei1LWsYjPE
Threatray 6 similar samples on MalwareBazaar
TLSH B80512497FE84229D6FB8B7CECA178301779740D641AF7582E95B84F20B77F88812E61
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: wanriton.com
Sending IP: 45.137.22.52
From: Roy@wanriton.com
Subject: PO-098000
Attachment: ACCOUNT098000.IMG (contains "ACCOUNT#098000.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45878/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader34.22910.26308.2330.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
25 / 100
Link:
https://www.joesandbox.com/analysis/429605
Signature
a
c
d
e
f
g
h
i
L
M
n
o
p
r
s
t
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 267275 Sample: ACCOUNT#098000.exe Startdate: 16/08/2020 Architecture: WINDOWS Score: 25 10 Machine Learning detection for sample 2->10 6 ACCOUNT#098000.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dd900ac5b1cf790395caf7e5f5a773b0abae32e9e9314b5cb943b261e18e2b92/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 11:21:09 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3wiavrnrz54qhfok67s7lj3twcv24mxj5eyuwxfziozgdymofoja._file
Verdict:
unknown
Similar samples:
13bddc242c2435f18b5d7a188ffc824c3e69162df0a972e701b2d1faa9065bcb
3a401149f225ae5e95303480b98a80c0374ca1e4589d15ac79aa2b2a646f66e2
3bf9eb8aca2fb463e00a2b2666afe723f88d05a3851319ca41caa5efa12a363d
5404f329ed837bd8c8f109255711f9a8d7f5e0b05ea6e575408473834a5088bd
706c3e2ae6ed72040ab9b9c9d7918a24368288480d487e86fcc1731114656e78
b6c0b0c1a9637ebc1fb2944ab47cdbd039b29dbf7d0e979769d6d5c209a8f01e
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-yx3vr3bntn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dd900ac5b1cf790395caf7e5f5a773b0abae32e9e9314b5cb943b261e18e2b92

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip d0661a2e2cc0d19746c683584b35222370741715d76a12f4aebffdecaa7eb1bb

Executable exe dd900ac5b1cf790395caf7e5f5a773b0abae32e9e9314b5cb943b261e18e2b92

(this sample)

  
Dropped by
MD5 26209fa6b84ea1cc68457d7a73527782
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d0661a2e2cc0d19746c683584b35222370741715d76a12f4aebffdecaa7eb1bb
Cape
Cape
https://www.capesandbox.com/analysis/45878/

Comments