MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0
SHA3-384 hash: 72a6a4ab98b9faeeaffa3a9a4e7601af059bf94c538fa97c5cf94f2af736b81d20a9b12cfca0f6b28d62024a31205301
SHA1 hash: 20994a3effede4eab6663a0e54e9eca95b0273ab
MD5 hash: 7faf99ca87954bd1258122b30306581b
humanhash: idaho-king-papa-alanine
File name:LISTA DE TAREAS DE BINANCE GIVE AWAYs pdf.exe
Download: download sample
File size:155'136 bytes
First seen:2021-01-01 19:08:39 UTC
Last seen:2021-01-01 20:42:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'660 x AgentTesla, 19'470 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:9j5RPsKcjqbN/l71vJpVZ0y13knCgmgKMo/dr2/eV:9jnsKcjwxvHVZ0y1UCgVKndr2/e
Threatray 12 similar samples on MalwareBazaar
TLSH 2BE3286731D61ECCDCDE8AFE5E196CF25767FDAEC32260A97A01A01A04D3141B52E71C
Reporter abuse_ch
Tags:ESP exe geo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server96.hndservers.net
Sending IP: 51.79.17.195
From: nadeemsagar@amsons.com.pk
Subject: Sorteo de año nuevo de $ 20,000. Premio mayor 2.000 BUSD
Attachment: LISTA DE TAREAS DE BINANCE GIVE AWAYs pdf.iso (contains "LISTA DE TAREAS DE BINANCE GIVE AWAYs pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
LISTA DE TAREAS DE BINANCE GIVE AWAYs pdf.exe
Verdict:
Malicious activity
Analysis date:
2021-01-01 19:09:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/257fe582-7fa7-4a9d-9a3b-b9a9871867ef

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110236/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.6317.28841.2519.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a file
Unauthorized injection to a recently created process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/572835
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 335480 Sample: LISTA DE TAREAS DE BINANCE ... Startdate: 01/01/2021 Architecture: WINDOWS Score: 68 36 Antivirus / Scanner detection for submitted sample 2->36 38 Machine Learning detection for sample 2->38 8 LISTA DE TAREAS DE BINANCE GIVE AWAYs  pdf.exe 3 2->8         started        12 chome_exe.exe 1 2->12         started        14 chome_exe.exe 1 2->14         started        process3 file4 34 LISTA DE TAREAS DE... AWAYs  pdf.exe.log, ASCII 8->34 dropped 42 Writes to foreign memory regions 8->42 44 Allocates memory in foreign processes 8->44 46 Injects a PE file into a foreign processes 8->46 16 RegAsm.exe 6 8->16         started        19 conhost.exe 12->19         started        21 conhost.exe 14->21         started        signatures5 process6 file7 32 C:\Users\user\AppData\...\chome_exe.exe, PE32 16->32 dropped 23 chome_exe.exe 2 16->23         started        26 powershell.exe 1 18 16->26         started        process8 signatures9 40 Machine Learning detection for dropped file 23->40 28 conhost.exe 23->28         started        30 conhost.exe 26->30         started        process10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0/
Threat name:
ByteCode-MSIL.Trojan.Cryptos
Create hunting rule
Status:
Malicious
First seen:
2021-01-01 19:09:06 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5p72ndoux7pownwb2km2jz7hnkc77vmnxp4hfoeeu6e2i4psh6ya._file
Verdict:
unknown
Similar samples:
05eda8f2c817ec399048cbcfed705c795be9bf403f746b37d4a073e47bd3ffd3
20170bf3dca7d3440fa50382a81ca7802fa021b68b8830f286fe02113d24d850
20be2a950f6fc9e86e5dc56a4cfcb0076d744999c7b577e4863f53364179b470
79a907e747dc5b0a4d2594b3365aa71f26b636380b06db8f257ef4ec47b4555f
ab928789224fd46229b8c5caffab8625636b7005ba793c796c0696e157da4c99
af45ff354aaf65c450cf147194b0f746243361b1385abe580ba10246fee9bd66
b1ec11ffefb1d9d29251fe84c8712c74c331d4172597f038112ecba875b38d3e
cea37cf1f7250974f023b32b47239ed4aacfdcb283cd898050e9ea6495a9c11d
ea8f64464c29c09b37c9f05be40718e144a375aeb920ed699fb3dea644d508aa
f512e47ce691f996f43e74cb07be9443f5aa34e1ebcdf3c52c9601da073ea779
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210101-6fharl2n5x/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0
MD5 hash:
7faf99ca87954bd1258122b30306581b
SHA1 hash:
20994a3effede4eab6663a0e54e9eca95b0273ab
Link:
https://www.unpac.me/results/a20912e1-3ffb-400c-a4c6-c7c8b65b74c6/
SH256 hash:
88cb3886a14d07c4a94ba80aef83664aaee193c5870fb50ef5f7cf5611de1145
MD5 hash:
358a967d31f218b1c88f0bf9fe5f8e6d
SHA1 hash:
2c1e15ea709ae95d821efb0f60bb394490f4ce49
Link:
https://www.unpac.me/results/a20912e1-3ffb-400c-a4c6-c7c8b65b74c6/
SH256 hash:
5026b4d5a20d9bd7f07f111adbfdcdffa3423e83a1f5a982c1c34ad610eaa678
MD5 hash:
51aed80bd9770c6cd1f8782f1e37eeaa
SHA1 hash:
9130e5240d562529ff74c9664fa906168a11012d
Link:
https://www.unpac.me/results/a20912e1-3ffb-400c-a4c6-c7c8b65b74c6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso 5e8392d5eff4222045bf8ebe3fbfc8891892777851b26330b35d65387468c741

Executable exe ebffa68dd4bfdeeb36c1d299a4e7e76a85ffd58dbbf872b884a789a471f23fb0

(this sample)

  
Dropped by
MD5 4157060d521024d06a64c98a85d08018
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5e8392d5eff4222045bf8ebe3fbfc8891892777851b26330b35d65387468c741
Cape
Cape
https://www.capesandbox.com/analysis/110236/

Comments