MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6f366cac76ffc8b790c6d9b48a13d522c4d5d565da0ef1ed41ff726074755ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6f366cac76ffc8b790c6d9b48a13d522c4d5d565da0ef1ed41ff726074755ed
SHA3-384 hash: cc9dad0e14825a1e7c8a7e6293ca6af41977928b62736457bde4a5792d929aee3de5f1db5dfa25dc327644a3a3e0ebea
SHA1 hash: 6effef246359abd61c253057c63a82f5ea41e80a
MD5 hash: 326ce69d35d328a83ceeb3ba927ec9dc
humanhash: iowa-angel-iowa-twelve
File name:cotizacin 345355.PDF.exe
Download: download sample
File size:1'211'392 bytes
First seen:2020-07-29 13:09:28 UTC
Last seen:2020-07-29 14:26:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:bkjdSmb+LUy0aS/+9fl0TxVX862a75az:oRSmaUaS2ll+xVXV2/
Threatray 3 similar samples on MalwareBazaar
TLSH B645D023A674FF11F62F32F6E850E0500EACBC6ACA43F539B97ABB7919736406721151
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gasteev.com
Sending IP: 37.49.224.121
From: Norma Hernandez Perez <info@gasteev.com>
Subject: LISTAS DE PRECIOS Y CARTAS
Attachment: cotizacin 345355.PDF.gz (contains "cotizacin 345355.PDF.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/34906/
Detection(s):
SecuriteInfo.com.Generic.mg.326ce69d35d328a8.11843.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/402586
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Uses an obfuscated file name to hide its real file extension (double extension)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e6f366cac76ffc8b790c6d9b48a13d522c4d5d565da0ef1ed41ff726074755ed/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 13:11:05 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=43zwnswhn76iw6imnwnurij5kiwe2xkwlwqo6hwud73smb2hkxwq._file
Verdict:
unknown
Similar samples:
2d40a6c3d1200616055b55031daa8a6b010b3c99219f6b6da87bcd2b2f27d6c2
496cb728f86f1ca9852294e00e54d0463acdbcf603c404cc59fee261a34add05
5978884a07ea7559941ec2a1ce86e08e4be36a9aae9d535f58021602b24cdaba
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200729-dfvdlgr2bn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e6f366cac76ffc8b790c6d9b48a13d522c4d5d565da0ef1ed41ff726074755ed

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 16041ab958ce23e9dda80466f94fccd8942c76f518310b3de187cd7ccc686449

Executable exe e6f366cac76ffc8b790c6d9b48a13d522c4d5d565da0ef1ed41ff726074755ed

(this sample)

  
Dropped by
MD5 a7ef4567097bef914b83ae809b76ecf1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 16041ab958ce23e9dda80466f94fccd8942c76f518310b3de187cd7ccc686449
Cape
Cape
https://www.capesandbox.com/analysis/34906/

Comments