MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e125da6182625e0356145c2089fed83432b575064214800b1d4cbc61916749eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e125da6182625e0356145c2089fed83432b575064214800b1d4cbc61916749eb
SHA3-384 hash: 4515ab926234d7b7c3efe93c3d9b14ce8e78444b1e4823124d839518d1b9ad97d4afdf97c2ea1567a77ec961b748270b
SHA1 hash: 88e0ba7e821b7c7786dcb099bb4e21ce232d82ba
MD5 hash: 43d9d5fdbde6c1aedc76863c3f9213d2
humanhash: seven-orange-cold-table
File name:Receipt009094484.exe
Download: download sample
File size:117'576 bytes
First seen:2020-10-09 09:07:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'752 x AgentTesla, 19'658 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 3072:zVfy26QsU1PlYRQIcESdrXHgAhApAhAzFN/LnkmtB:zVfybLU16PmXyN/Lnp
Threatray 3 similar samples on MalwareBazaar
TLSH 5EB38294729CBE12E5B22EF17BF1C1865932BD316D12D60C60F4368CC4A52CA9DD3ADE
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.invoicez.xyz
Sending IP: 104.168.165.165
From: Rose Jones <postmaster@invoicez.xyz>
Subject: Payment Receipt 02201R and shipping details
Attachment: Receipt009094484.img (contains "Receipt009094484.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/486519
Signature
Connects to a pastebin service (likely for C&C)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e125da6182625e0356145c2089fed83432b575064214800b1d4cbc61916749eb/
Threat name:
ByteCode-MSIL.Trojan.GenMlwB
Create hunting rule
Status:
Malicious
First seen:
2020-10-09 08:27:35 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4es5uymcmjpagvqulqqit7wygqzlk5igiikiacy5js6gdelhjhvq._file
Verdict:
unknown
Similar samples:
60440d081858f519028f5f24febeab4cbd9fb3a727c1833ea03ab360a050cf1a
91c1a234f9f1c9bcefa5024b93d5d3dec10f8695a11173f57996df8f6324de79
cb6c181823fd61558c1e6cefa9f1634d1676984316caa071c24268df493d3629
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201009-52lc3qyd3s/
Behaviour
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Legitimate hosting services abused for malware hosting/C2
Unpacked files
SH256 hash:
e125da6182625e0356145c2089fed83432b575064214800b1d4cbc61916749eb
MD5 hash:
43d9d5fdbde6c1aedc76863c3f9213d2
SHA1 hash:
88e0ba7e821b7c7786dcb099bb4e21ce232d82ba
Link:
https://www.unpac.me/results/c9248eca-9836-46e4-85fa-270e47c1263a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e125da6182625e0356145c2089fed83432b575064214800b1d4cbc61916749eb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img 7bc1bba1dc1e015147494bc36fc493e759b5813062435ab997245b0fb962fc6c

Executable exe e125da6182625e0356145c2089fed83432b575064214800b1d4cbc61916749eb

(this sample)

  
Dropped by
MD5 3ab645ecdb1a9ec912cd0878551d9a40
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/69493/
  
Dropped by
SHA256 7bc1bba1dc1e015147494bc36fc493e759b5813062435ab997245b0fb962fc6c

Comments