MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea8f64464c29c09b37c9f05be40718e144a375aeb920ed699fb3dea644d508aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: ea8f64464c29c09b37c9f05be40718e144a375aeb920ed699fb3dea644d508aa
SHA3-384 hash: 501ac26fec47825f54649f62c38d4262abe17303b8942b58fe0ddebffb4fea90cb4471128e197da0ef62f5504ee132fa
SHA1 hash: a423c457ef379e79586fb41792a2e1c9a4561c54
MD5 hash: 1f6e97094da422c94011d97bb1320c8c
humanhash: lima-freddie-carolina-island
File name: BitCoin Updated Security Terms and Policy.exe
File size: 259'072 bytes
First seen: 2020-12-26 08:12:31 UTC
Last seen: 2020-12-26 09:37:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
Note: this imphash is the generic value produced by .NET executables, whose only native import is _CorExeMain from mscoree.dll; the family counts above show why it is not a useful pivot on its own. Pivot on ssdeep, TLSH or the Threatray similarity count instead.
ssdeep: 3072:dtbLIHcjqbN/l71vJpVZ0y13knCgmg2fXaxM0+urh5dQMwe:HbIcjwxvHVZ0y1UCgV2p0+uhQM
Threatray: 25 similar samples on MalwareBazaar
TLSH: E4446186EB804584DC2D6B74243E8D25561FBEFAE8B4A54D2F8DB2357BF31E3143244A
Reporter: abuse_ch
Tags: exe

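To confirm that a file you hold really is this sample (or that a download was not swapped or truncated), recompute every digest the entry lists and require all of them, plus the size, to match; a lone MD5 or SHA1 match with a SHA256 mismatch means a different file. The following is an added example and not MalwareBazaar's own tooling: the expected values are copied from this entry, while the bytes hashed in the demonstration are constructed stand-ins, not the real sample.

```python
"""Check a local file against the digests recorded in this MalwareBazaar entry.

Added example, not MalwareBazaar tooling.  EXPECTED holds the values printed on
this page; the bytes hashed in the demonstration at the bottom are a constructed
stand-in, not the real sample.
"""
import hashlib
import io
from typing import BinaryIO, Dict, Optional, Set, Tuple

# Digests and size exactly as listed in this entry.
EXPECTED: Dict[str, str] = {
    "md5": "1f6e97094da422c94011d97bb1320c8c",
    "sha1": "a423c457ef379e79586fb41792a2e1c9a4561c54",
    "sha256": "ea8f64464c29c09b37c9f05be40718e144a375aeb920ed699fb3dea644d508aa",
    "sha3_384": "501ac26fec47825f54649f62c38d4262abe17303b8942b58fe0ddebffb4fea90cb4471128e197da0ef62f5504ee132fa",
}
EXPECTED_SIZE = 259072

ALGORITHMS = ("md5", "sha1", "sha256", "sha3_384")


def compute_digests(stream: BinaryIO, chunk_size: int = 1 << 16) -> Tuple[Dict[str, str], int]:
    """Read the stream once and feed the same chunks to every hasher.

    Returns (hex digests keyed by algorithm, byte count).  Chunked reading keeps
    memory flat for large samples; a single pass guarantees all digests cover
    identical bytes.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def digests_of(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return compute_digests(io.BytesIO(data))[0]


def verify_bytes(data: bytes, expected: Dict[str, str],
                 expected_size: Optional[int] = None) -> Dict[str, Set[str]]:
    """Compare data against expected digests; return matched and mismatched field names.

    Only a full match means 'the same file'.  Anything in 'mismatched' is a
    different file, not a near miss.
    """
    actual, size = compute_digests(io.BytesIO(data))
    matched = {name for name, value in expected.items()
               if actual.get(name, "").lower() == value.lower()}
    mismatched = set(expected) - matched
    if expected_size is not None and size != expected_size:
        mismatched.add("size")
    return {"matched": matched, "mismatched": mismatched}


def verify_file(path: str, expected: Dict[str, str] = EXPECTED,
                expected_size: int = EXPECTED_SIZE) -> bool:
    """True only if every digest in expected, and the size, match the file at path."""
    with open(path, "rb") as fh:
        actual, size = compute_digests(fh)
    return (all(actual.get(n, "").lower() == v.lower() for n, v in expected.items())
            and size == expected_size)


if __name__ == "__main__":
    # Constructed stand-in bytes; they will NOT match EXPECTED, which is the point.
    stand_in = b"MZ" + b"\x00" * 100
    print(digests_of(stand_in)["sha256"])
    print(verify_bytes(stand_in, EXPECTED, EXPECTED_SIZE))
```

Run `verify_file("path/to/downloaded.sample")` on the real download; it returns a plain boolean for scripting, while `verify_bytes` reports which fields disagreed when you want to see why a check failed.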

abuse_ch
Malspam distributing unidentified malware:

HELO: email.blockchain.com
Sending IP: 185.244.38.210
From: Blockchain.com <newsletter@email.blockchain.com>
Subject: URGENT SECURITY ACTION!
Attachment: BitCoin Updated Security Terms and Policy pdf.zip (contains "BitCoin Updated Security Terms and Policy.exe")

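The attachment in the report above follows a common lure pattern: a zip whose name ends in "pdf" carrying a member that is a Windows executable. A mail gateway can catch this without any signature by looking at the archive name, the member extensions and the first bytes of each member. The following is an added example, not abuse.ch or MalwareBazaar code; the archive bytes are constructed in-line as a stand-in and only the two file names come from the report.

```python
"""Gateway-style check for the attachment pattern in this entry: a zip whose name
ends in 'pdf' but whose member is a Windows executable.

Added example, not abuse.ch or MalwareBazaar code.  The archive bytes are built
in-line as a constructed stand-in; only the two file names come from the page.
"""
import io
import os
import zipfile
from typing import Dict, List

ATTACHMENT_NAME = "BitCoin Updated Security Terms and Policy pdf.zip"
MEMBER_NAME = "BitCoin Updated Security Terms and Policy.exe"

# Member extensions Windows will execute directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".dll", ".lnk"}
# Document/image extensions a lure commonly borrows for the archive's own name.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def has_decoy_name(archive_name: str) -> bool:
    """True for 'foo.pdf.zip' and 'foo pdf.zip' style names that imitate a document."""
    stem, ext = os.path.splitext(archive_name.lower())
    if ext != ".zip":
        return False
    return any(stem.endswith(d) or stem.endswith(" " + d[1:]) for d in DECOY_EXTS)


def is_pe(head: bytes) -> bool:
    """The DOS 'MZ' magic is enough to say 'this is a PE image, whatever its name'."""
    return head[:2] == b"MZ"


def inspect_zip(archive_name: str, data: bytes) -> Dict[str, object]:
    """Return {'verdict': allow|suspicious|block, 'findings': [...]} for one attachment."""
    findings: List[str] = []
    if has_decoy_name(archive_name):
        findings.append(f"archive name imitates a document: {archive_name}")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"verdict": "block", "findings": findings + ["not a valid zip archive"]}
    block = False
    for info in zf.infolist():
        if info.is_dir():
            continue
        ext = os.path.splitext(info.filename)[1].lower()
        if ext in EXECUTABLE_EXTS:
            findings.append(f"executable member: {info.filename}")
            block = True
        if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
            findings.append(f"encrypted member, content not inspectable: {info.filename}")
            block = True
            continue
        with zf.open(info) as fh:
            head = fh.read(2)
        if is_pe(head) and ext not in EXECUTABLE_EXTS:
            findings.append(f"PE image under a non-executable name: {info.filename}")
            block = True
    if block:
        verdict = "block"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "allow"
    return {"verdict": verdict, "findings": findings}


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content}; used only for constructed input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_attachment() -> bytes:
    """Constructed stand-in for the attachment named on this page: one .exe member
    that starts with the DOS header magic.  It is not the real malware."""
    fake_pe = b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 128
    return build_zip({MEMBER_NAME: fake_pe})


if __name__ == "__main__":
    print(inspect_zip(ATTACHMENT_NAME, build_sample_attachment()))
    print(inspect_zip("notes.zip", build_zip({"notes.txt": b"hello"})))
```

The decoy-name rule on its own only yields "suspicious", because legitimate users do mail "report.pdf.zip"; an executable member, a PE image hiding under a document extension, or an encrypted member that cannot be inspected each escalate to "block". Nested archives are not unpacked here and would need the same check applied recursively.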
Intelligence

File Origin
# of uploads: 2
# of downloads: 356
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: BitCoin Updated Security Terms and Policy.exe
Verdict: Suspicious activity
Analysis date: 2020-12-26 08:13:00 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox; its verdict reflects every action taken during the session, not only the uploaded sample on its own.

Result
Verdict: Malware
Behaviour:
Launching a process
Creating a file
Creating a window
Sending a UDP request
Unauthorized injection to a system process
Enabling autorun by creating a file

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Signature:
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Injects a PE file into a foreign process
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions

Result
Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2020-12-26 00:18:52 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops startup file

Unpacked files
SHA256 hash: ea8f64464c29c09b37c9f05be40718e144a375aeb920ed699fb3dea644d508aa
MD5 hash: 1f6e97094da422c94011d97bb1320c8c
SHA1 hash: a423c457ef379e79586fb41792a2e1c9a4561c54

SHA256 hash: 15628fcec13a3910b81604550dc7163531b79eb0ceb5ce53792a55ad36c4d018
MD5 hash: d2cd0401f88e18f52c8cd543cb628552
SHA1 hash: 59c0fdecf9b61726a477301e34b3c725bad7d9d6

SHA256 hash: 5026b4d5a20d9bd7f07f111adbfdcdffa3423e83a1f5a982c1c34ad610eaa678
MD5 hash: 51aed80bd9770c6cd1f8782f1e37eeaa
SHA1 hash: 9130e5240d562529ff74c9664fa906168a11012d

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
Executable exe ea8f64464c29c09b37c9f05be40718e144a375aeb920ed699fb3dea644d508aa (this sample)
Delivery method: Distributed via e-mail attachment