MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f079f9b485df898c6cbfbacbd9533eeec33e226c79da64f95a3e1e6e751d8d98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f079f9b485df898c6cbfbacbd9533eeec33e226c79da64f95a3e1e6e751d8d98
SHA3-384 hash: fc598facb8f15b67d90ea1cc9066d64d1d476cd1f849f8a0c0aac5c2a1b303ff8582f2955f4d1415984fc779753c9c9c
SHA1 hash: 5715d5bea8bb7a8f5b2f637eaf854b7ea6eca438
MD5 hash: 3c0eae2865775a4d270dbbf18eb183ae
humanhash: nine-wisconsin-mississippi-jersey
File name:122483101396W2 ALS_BANK WIRE CONFIRMATION SLIP.exe
Download: download sample
File size:430'544 bytes
First seen:2020-10-15 13:10:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 3072:1nrw40JRdQk7CpaHYDbU00v7X4Z8tg/77Y+JvJkJp:1nr2JRdnDYqEZ8GvJvJkJp
Threatray 8 similar samples on MalwareBazaar
TLSH 1C945DC4790CEC02EAB6D17C5DA9CCB9B6F02F1D2554C51E0FDF9ADAC0F00AA99A6D11
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: jax4mhfb02.myregisteredsite.com
Sending IP: 64.69.218.95
From: orders <orders@echoproducts.com>
Reply-To: orders <orders@echoproducts.com>
Subject: Fwd: INV#22483101396 , INV#22483101788 BANK WIRE CONFIRMATION SLIP
Attachment: 122483101396W2 ALS_BANK WIRE CONFIRMATION SLIP.IMG (contains "122483101396W2 ALS_BANK WIRE CONFIRMATION SLIP.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71422/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window
DNS request
Sending a TCP request to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/492525
Signature
Connects to a pastebin service (likely for C&C)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f079f9b485df898c6cbfbacbd9533eeec33e226c79da64f95a3e1e6e751d8d98/
Threat name:
ByteCode-MSIL.Backdoor.Crysan
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 05:08:40 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6b47tnef36eyy3f7xlf5suz653bt4itmphngj6k2hypg45i5rwma._file
Verdict:
unknown
Similar samples:
0008f0704652358e57b21a3bd6090a321962371c7c28f5b29909cee4f7608451
2d73150d7b199e09b62cce531fc0841bab9ffc59d37f6da2528d0ebc60b934e1
41531a4d93d18f13b178a68669236f58a568e4db294f8205c03033761b2628e9
a21f8b25beb919b6e0bdda1ba672e9c2ed15af1afe16dc241e94d2116ef51b75
b880aa0040b5f386b895c23af6b05c18473eb9db95ec3942e713fc454c6f4cef
ba6c27eedbe9c1152f8232f685600ec69ad11ada7b6e82db997e08d89a1b0385
c4758d6e6dc8ddef0f36e438329c3dfb9892848d5e48dd929223327838882504
fa8688776f5af3521ba0bef117fdac64d2473286ad637f9f55313dd2f049c32f
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201015-mpwfzbvhdx/
Behaviour
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
f079f9b485df898c6cbfbacbd9533eeec33e226c79da64f95a3e1e6e751d8d98
MD5 hash:
3c0eae2865775a4d270dbbf18eb183ae
SHA1 hash:
5715d5bea8bb7a8f5b2f637eaf854b7ea6eca438
Link:
https://www.unpac.me/results/25f35d0e-56d8-4b57-9620-498042130699/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f079f9b485df898c6cbfbacbd9533eeec33e226c79da64f95a3e1e6e751d8d98

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img dc4e71de1d044cb5f09876658d71002f11243d6d226ffef9aa084923e265b4c1

Executable exe f079f9b485df898c6cbfbacbd9533eeec33e226c79da64f95a3e1e6e751d8d98

(this sample)

  
Dropped by
MD5 8056cb70fc77b4746dfcd1a3bc220e9e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 dc4e71de1d044cb5f09876658d71002f11243d6d226ffef9aa084923e265b4c1
Cape
Cape
https://www.capesandbox.com/analysis/71422/

Comments