MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e73222d15ab07db8ecad8b6a0a99d3af7643940664c238e56ba390b09e9da3b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e73222d15ab07db8ecad8b6a0a99d3af7643940664c238e56ba390b09e9da3b4
SHA3-384 hash: 998d8c69611990e29da379b3dd7935a7e1821a8b9deeddfc7beab9e5c22c7723ef8b5176154003e54f2330f182cac086
SHA1 hash: a7e274022cefa7b0fe2aabb9800f8fb5a3b0f4d0
MD5 hash: d5c3b878589963fd5a8dfe97be61c22c
humanhash: arkansas-freddie-tennis-yankee
File name:Combined proforma invoce.exe
Download: download sample
File size:193'024 bytes
First seen:2023-08-18 08:55:43 UTC
Last seen:2023-08-18 09:00:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:SIeetu7ZJtckEFNTidH1W7llbQHia/U1zAPjb4uVvWatP2kW23WEm55VgxNag29r:xtIZjIX7bSD8e4uAFP5VoNagSjWbhi
Threatray 794 similar samples on MalwareBazaar
TLSH T17D14E517B99689A5C2981B36C6D7CC140771D582B393DB1EF58E2BE90F433BB9C4260B
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter cocaman
Tags:exe payment

Intelligence

File Origin
# of uploads :
2
# of downloads :
273
Origin country :
CH CH
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Combined proforma invoce.exe
Verdict:
Malicious activity
Analysis date:
2023-08-18 08:57:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fe44575d-0d27-409d-89c1-134f78092b39

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/443431/
Detection(s):
SecuriteInfo.com.Trojan-Spy.FormBook.21119.5850.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file
Forced shutdown of a system process
Unauthorized injection to a system process
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/e73222d15ab07db8ecad8b6a0a99d3af7643940664c238e56ba390b09e9da3b4
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/725ac2b0-704b-4d40-9662-9cdfc3b66ba6
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1293307
Signature
.NET source code contains potential unpacker
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1293307 Sample: Combined_proforma_invoce.exe Startdate: 18/08/2023 Architecture: WINDOWS Score: 52 19 Multi AV Scanner detection for submitted file 2->19 21 .NET source code contains potential unpacker 2->21 6 Combined_proforma_invoce.exe 14 4 2->6         started        process3 dnsIp4 17 files.catbox.moe 108.181.20.39, 443, 49708 ASN852CA Canada 6->17 9 WMIADAP.exe 20 9 6->9         started        11 MSBuild.exe 6->11         started        13 MSBuild.exe 6->13         started        15 8 other processes 6->15 process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e73222d15ab07db8ecad8b6a0a99d3af7643940664c238e56ba390b09e9da3b4/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-08-17 21:47:34 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
4
AV detection:
15 of 37 (40.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=44zcfuk2wb63r3fnrnvavgotv53ehfagmtbdrzlluoilbhu5uo2a._file
Verdict:
malicious
Similar samples:
29f5a8629986da0b4a353e5423fb39c505cba7c06e7aa4b5a4029c5a1669ae95
3454a03a003a23385521dae0e13fbe65211a9e9c590022dc906da7085ca71244
39effc8ad793805f7a5558b804d72b01de87db3a89657c91d5508612c15d3761
40d2ef9b1d6d9ece09db374ec0baeda78fb85bc83aee67545bd48c641b7a815d
495af6172a43747c7b0c987be287b1ff17e16b8e0aa247d123621568bf8fa3c6
737a4e3c0bc536fddc9f55099a01736da0b5ecb543d62b55ec3f29650a1305d8
93cdf41efa17cd5adac34ef959cadbd1edf13275fad4804303a0ee67959fc8ca
95c36c1a0484fcfee91f34a49bb2e48c6d2f4e923327ba8c34d8e79fdb14f744
+ 784 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230818-kv1m3sge82/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
e73222d15ab07db8ecad8b6a0a99d3af7643940664c238e56ba390b09e9da3b4
MD5 hash:
d5c3b878589963fd5a8dfe97be61c22c
SHA1 hash:
a7e274022cefa7b0fe2aabb9800f8fb5a3b0f4d0
Link:
https://www.unpac.me/results/88df69ed-76a2-44e2-b69f-54346a8cb1c8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e73222d15ab07db8ecad8b6a0a99d3af7643940664c238e56ba390b09e9da3b4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 408672e75da033984876de5b8d5627650b48406029723c8194e8cdc9f8ae5a07

Executable exe e73222d15ab07db8ecad8b6a0a99d3af7643940664c238e56ba390b09e9da3b4

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 408672e75da033984876de5b8d5627650b48406029723c8194e8cdc9f8ae5a07
Cape
Cape
https://www.capesandbox.com/analysis/443431/
  
Dropped by
SHA256 cf1d301c75547b1d941f97bea8a443b264159e07d37bedec783d9a219bc85b70
  
Dropped by
MD5 9812f595d12a38cdbf1013f3d86bcf3b
  
Dropped by
MD5 b2da7c8e25c5f3974a6075bdc8ac019c

Comments