MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee1a9615502f7e593a97d94528cffa575919ee29820bc99c27180296c228d5cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee1a9615502f7e593a97d94528cffa575919ee29820bc99c27180296c228d5cb
SHA3-384 hash: 0a4066b501c8416dc4e4dde164e954932e4d9150b3cb3f66e52e2cac549bbfaa2aa8ef3685fa0169c9d361dae5c7f9d2
SHA1 hash: 20068384e2c4cffba7b9503ad966dfe8c29a4610
MD5 hash: 7f8cf583ff74d621374afd6769db6dee
humanhash: dakota-lithium-hawaii-hotel
File name:OCT POHN512201811_PDF.scr
Download: download sample
File size:548'848 bytes
First seen:2020-10-16 12:58:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:wihCbhFFgs2+FdoPN76jJO/7ndUnRa7yv4GNVtV1EvoQZXWtt2Niyu4AOkd6AHJk:/sFFdh0dMTyu4AOWaGTeb7PMw++
Threatray 14 similar samples on MalwareBazaar
TLSH 13C422B8199A403BD477D6B699E069E2E915BE6330891C6B1053F3470A33E476F8DC3E
Reporter abuse_ch
Tags:scr


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: Thilina Prabath<office@fpxsolution.nl>
Subject: Purchase Order for victim-email
Attachment: OCT POHN512201811_PDF.uue (contains "OCT POHN512201811_PDF.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/72029/
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/493683
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee1a9615502f7e593a97d94528cffa575919ee29820bc99c27180296c228d5cb/
Threat name:
ByteCode-MSIL.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-10-16 10:06:01 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ynjmfkqf57fsoux3fcsrt72k5mrt3rjqif4thbhdabjnqri2xfq._file
Verdict:
suspicious
Similar samples:
1cef46cbb22cfda50b0e93dadedfb09f511b80e802d239270c96954a38d11f28
25dd98cbd230e272bb55aaf5acd0f6cb0e8ec897ec5c0684b5308a0022af175f
4de20c38ffff3f9d75d9a446f152c017d9010477c28c8b97875f95f448ecb761
54cc7fbd8c21b80fa350cea51414fda2e2d1673c80ab0eeab0ec851f51e847fa
9c30836b7e26dc68f2f9299a1014cfda6fd1446b9938d559c82aa6462b5fcab9
bf5d5c28bec7bdcf41fad771fd465ba6bb9a56e053c9470a6e10293466109d3c
c1c3399ed911782ec14180a857a48231f7e3182dd9340ed6308b9a70cacc2885
d7789d465be563d19b1ade313c83023363379649f935e333e16643eec1bc150e
f508afb3a24ea2a3865ef48de1c0f2886ac26641ea6c517c727041e11a15e886
fb6927aca249593b3eb31de8d4a2f2c107ea9afd685b025fdd115b1fc1f11ec8
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201016-bx69jpmf6e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
ee1a9615502f7e593a97d94528cffa575919ee29820bc99c27180296c228d5cb
MD5 hash:
7f8cf583ff74d621374afd6769db6dee
SHA1 hash:
20068384e2c4cffba7b9503ad966dfe8c29a4610
Link:
https://www.unpac.me/results/75c62e3f-5819-4e87-8845-15abbfa374d6/
SH256 hash:
51824ec659154ba733684baac359d4019c9959e6ce68f108b9845a9bf9b062d1
MD5 hash:
f375b79a3a655ea3c69cadad0c99bea7
SHA1 hash:
9838698ee860395baa6c16d242d94468530a86a6
Link:
https://www.unpac.me/results/75c62e3f-5819-4e87-8845-15abbfa374d6/
SH256 hash:
dea0b412855c8ea77262c2c0a84f926f1fa1f829285e0bc598bdbba05184e853
MD5 hash:
d47ecad0b04acfbae7ce361d8d27d982
SHA1 hash:
ee175cbe062bca588cc1806b85985641a55e70b7
Link:
https://www.unpac.me/results/75c62e3f-5819-4e87-8845-15abbfa374d6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Remcos
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee1a9615502f7e593a97d94528cffa575919ee29820bc99c27180296c228d5cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

uue ade0cb481432ee841bd0e83869a18c508971ace6fc79b0fec75bec79cb7f70b1

Executable exe ee1a9615502f7e593a97d94528cffa575919ee29820bc99c27180296c228d5cb

(this sample)

  
Dropped by
MD5 930c72fc6d46b6c6b890576bfc914a15
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/72029/
  
Dropped by
SHA256 ade0cb481432ee841bd0e83869a18c508971ace6fc79b0fec75bec79cb7f70b1

Comments