MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecc772a75dbb816a24a983d6b405643994a705e7ca00ebb45d657da75dfa9a32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 5



SHA256 hash: ecc772a75dbb816a24a983d6b405643994a705e7ca00ebb45d657da75dfa9a32
SHA3-384 hash: 15d7a9ac7cfba93f1578015511dbed8e0300420c44c26204b6d62e0a107d64a7a40cdfe6f4f53a37bb6f5387eafad6cc
SHA1 hash: 9319c988b419cf2ed9f4d9619b6f39c0950df6a3
MD5 hash: 8e24d40e0ac0f525743468b1ae5abfaa
humanhash: whiskey-don-fillet-victor
File name: Drawings_#04721.gz
File size: 404'937 bytes
First seen: 2022-02-04 05:30:31 UTC
Last seen: 2022-02-04 05:31:02 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 6144:d+BByhWIHqjzhVMTBQzDxLZqGsMYyc0cImQoLZa6mK2EPePNFem1TysNgagn5+tW:iypHqZVMmzDxNqTWgZT/WNkATyEgRcW
TLSH: T12484237D462D0DEBE064554AF14D34054B03AEA58C5B08384BC2D3198F9B36EF26BEEE
Reporter: cocaman
Tags: gz


cocaman
Malicious email (T1566.001)
From: "info@kact.com" (likely spoofed)
Received: "from kact.com (unknown [212.192.241.38]) "
Date: "03 Feb 2022 09:00:34 -0800"
Subject: "RFQ. for Projects in Qatar"
Attachment: "Drawings_#04721.gz"

Intelligence


File Origin
# of uploads: 2
# of downloads: 239
Origin country: n/a

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe obfuscated packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.GenericML
Status: Malicious
First seen: 2022-02-03 15:54:19 UTC
File Type: Binary (Archive)
Extracted files: 24
AV detection: 17 of 43 (39.53%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Sets service image path in registry
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
gz ecc772a75dbb816a24a983d6b405643994a705e7ca00ebb45d657da75dfa9a32 (this sample)

Delivery method: Distributed via e-mail attachment

Comments