MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb32326655d9ff8ffab963e29d0000703da122353d65091f4f56ab252e45299a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	eb32326655d9ff8ffab963e29d0000703da122353d65091f4f56ab252e45299a
SHA3-384 hash:	0eab1c852a4708137c19baff132bc5683e65d609b9ead2e218d924920b17d00a5923bbd1221fbc58953c83be06977fcb
SHA1 hash:	6ea3a9652822aae16af97605e98f031e8be97e31
MD5 hash:	e55410171f24865fcf6979d3cfee83a2
humanhash:	kilo-dakota-sierra-freddie
File name:	NEW ORDER PO 20200909.exe
Download:	download sample
File size:	553'984 bytes
First seen:	2021-01-26 12:24:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	12288:TYmF18qpWAxYV7bYWruDR3WXvP58S42sqfO:TbuYWwGbyR3WXHaS4aO
Threatray	4 similar samples on MalwareBazaar
TLSH	62C4C0A2674A9FA6E07D97B48021255093F0E157F722E75DBEF024DA2D62FC14223B37
Reporter	fabjer
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

NEW ORDER PO 20200909.exe

Verdict:

Suspicious activity

Analysis date:

2021-01-26 12:27:27 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/5112e5d7-c612-4114-9f28-f6263dd54f3f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/113877/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.471.12451.9900.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Launching a process

Creating a window

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/590581

Signature

Binary contains a suspicious time stamp

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/eb32326655d9ff8ffab963e29d0000703da122353d65091f4f56ab252e45299a/

Threat name:

ByteCode-MSIL.Trojan.Pwsx

Status:

Malicious

First seen:

2021-01-26 12:25:05 UTC

AV detection:

13 of 28 (46.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5mzdezsv3h7y76vzmprj2aaaoa62cirvhvsqsh2pk2vsklsffgna._file

Verdict:

unknown

77d54c4049d7d7beca2c7f4897882ca793587b22def49d1b2268f6707a17285a

e3e1334530a63bb70e51fdd7c28ad51bfcdff8022d393a8dbbd6a398e90ff12c

e9bcbfd654307b0c2e6960776084c20444dae83a4300b301f541e5473077b257

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210126-3rhaw9jyea/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

c0505f13838c9a6a4b4e6556c0f06da9fdf47d37f9dc468e7f55291e8d9dabc8

MD5 hash:

96405906fbcabe8a933bee98c611bb79

SHA1 hash:

fbd04bbbe4f493fc6568ada78a9db1c1cb0c7383

Link:

https://www.unpac.me/results/81762f7f-b601-4c3e-af0b-f2b976ce084a/

SH256 hash:

321a00830544cd9e677c91f48c120d46e9af041dc15c2bb42da549b965aa9d07

MD5 hash:

cc38e1edb3f379260452c09eecc74a18

SHA1 hash:

9fbc5476196ae2f17e932f327c7b46452b0752cc

Link:

https://www.unpac.me/results/81762f7f-b601-4c3e-af0b-f2b976ce084a/

SH256 hash:

eb32326655d9ff8ffab963e29d0000703da122353d65091f4f56ab252e45299a

MD5 hash:

e55410171f24865fcf6979d3cfee83a2

SHA1 hash:

6ea3a9652822aae16af97605e98f031e8be97e31

Link:

https://www.unpac.me/results/81762f7f-b601-4c3e-af0b-f2b976ce084a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/eb32326655d9ff8ffab963e29d0000703da122353d65091f4f56ab252e45299a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

lha 7cc1641e42b1bdb8b7f31716792cc044ebbcd083bbc6ae31b3d6bb54f3bdb81c

exe eb32326655d9ff8ffab963e29d0000703da122353d65091f4f56ab252e45299a

(this sample)

Dropped by

SHA256 7cc1641e42b1bdb8b7f31716792cc044ebbcd083bbc6ae31b3d6bb54f3bdb81c

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/113877/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample