MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e694b6529ce7d85d6b971c52e2e7a4f5ec69096b106bd9821761b185776047ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e694b6529ce7d85d6b971c52e2e7a4f5ec69096b106bd9821761b185776047ae
SHA3-384 hash: 1471197ed0d99058c87b8f16d37c9d36ad561a8c4c022d049b59b7347e79c1f070f16df9c294cb2ba05b1a8a266ac678
SHA1 hash: 33ef77670803776541d12d815874d95c1c27545f
MD5 hash: 1443fed09d61d0c1ade1f73bcb1d66de
humanhash: item-undress-sink-romeo
File name:TREKSTA 2021 Business Plan.exe
Download: download sample
File size:640'000 bytes
First seen:2021-01-18 18:50:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4cea7ae85c87ddc7295d39ff9cda31d1 (85 x RedLineStealer, 70 x LummaStealer, 61 x Rhadamanthys)
ssdeep 6144:MvcfogLwlpDj+yN90QEgCeqRhZN/1Fu2vMNttzh/ueWP6+knySjeXItGnTpl+tgb:MOTway90pd/kUeWPkySKX1n6R9n0r
Threatray 15 similar samples on MalwareBazaar
TLSH C2D449F872E1E179C81583312A617C7247F16CA0DD70A95AEDDCF9E48631EF62B22706
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: tmbimasakti.com
Sending IP: 103.229.73.6
From: Treksta Inc. <lim5676@treksta.co.kr>
Reply-To: Treksta Inc. <hurlbe@outlook.com>
Subject: Partnership Opportunity.
Attachment: TREKSTA 2021 Business Plan.rar (contains "TREKSTA 2021 Business Plan.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
148
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
TREKSTA 2021 Business Plan.exe
Verdict:
No threats detected
Analysis date:
2021-01-18 19:00:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/028c6a88-1072-45a3-af74-fb79812f145c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112688/
Detection(s):
Win.Packed.Clipbanker-9776822-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/584173
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Drops PE files with a suspicious file extension
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for dropped file
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e694b6529ce7d85d6b971c52e2e7a4f5ec69096b106bd9821761b185776047ae/
Threat name:
ByteCode-MSIL.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 18:51:08 UTC
AV detection:
21 of 46 (45.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=42klmuu447mf224xdrjofz5e6xwgscllcbv5taqxmgyyk53ai6xa._file
Verdict:
unknown
Similar samples:
20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470
3d30f3e545110a115ed70bb765354c8b3a7cffa96440f0ea45ee819c71ccb8e9
3d783630a9df4cc2fc3bed2bd696e006c4eb018ca419295fc1fc94010659ecac
3eba0dc8845aed9cb930bab85515af193da93dffff8a2def181c92999b7afeb8
5ab7baf45a6925643a7510a51d38b4769f23d4b805f9773da6e66f373c497d9a
b1ec11ffefb1d9d29251fe84c8712c74c331d4172597f038112ecba875b38d3e
b2224f39553fd82163e576e652c79f4845d238589ca4193a60a52124db08a69a
b5b134370ccb858812e246a7dd7335d7bb81a4961023078c06c7eede5cf4c437
e5293306e26acee08b59796c2a80b2e9e36f4ec027016a908b4beb24f83bd8e7
ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210118-xfrx6y3pqs/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Adds Run key to start application
Executes dropped EXE
Unpacked files
SH256 hash:
e694b6529ce7d85d6b971c52e2e7a4f5ec69096b106bd9821761b185776047ae
MD5 hash:
1443fed09d61d0c1ade1f73bcb1d66de
SHA1 hash:
33ef77670803776541d12d815874d95c1c27545f
Link:
https://www.unpac.me/results/6d154e51-0cf2-42d8-996d-0ea7f8c0a1b2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e694b6529ce7d85d6b971c52e2e7a4f5ec69096b106bd9821761b185776047ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 9642f9f7edd84215d0d95194b05d6c47c4c269552866b26063442e0d9415fd01

Executable exe e694b6529ce7d85d6b971c52e2e7a4f5ec69096b106bd9821761b185776047ae

(this sample)

  
Dropped by
MD5 415912d8e38b1ea7e9163db77d0d805c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/112688/
  
Dropped by
SHA256 9642f9f7edd84215d0d95194b05d6c47c4c269552866b26063442e0d9415fd01

Comments