MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f089cbd6d20afda4f1e00ed09abd44c9f271c8db61bbb1ce07048fadda34b1ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f089cbd6d20afda4f1e00ed09abd44c9f271c8db61bbb1ce07048fadda34b1ec
SHA3-384 hash: 340852f372278f5c5212082098b77d8244c9ee7018d4d41e4d60dac59d0e20d78543c0c9cb25302c98329e0be98572e6
SHA1 hash: c64bc290acba2c22858a074e4b7b87bf6776a944
MD5 hash: 22a69fd3fd8bbd784afe3f0d1b3dee8c
humanhash: uncle-ink-double-montana
File name:PO_IMG-G7G3D-001HDIE-JJEYE8.exe
Download: download sample
File size:643'416 bytes
First seen:2020-10-26 12:55:05 UTC
Last seen:2020-10-26 15:21:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'653 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 6144:bvrNaqfWK9ddy9SdA/uU7MNd/c8qkOc1/WjS7iB7A6JtH5e:TZlfWaj/crOKS8tJts
Threatray 46 similar samples on MalwareBazaar
TLSH C2D42F68794515E2D762A233A0F50473AAE46D8E73F4597B4382F708297AE1D3C8733E
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: jax4mhob11.registeredsite.com
Sending IP: 64.69.218.91
From: Purchase Manager <docs1@paarglobal.in>
Subject: COMPANY PROFILE / NEW PO
Attachment: PO_IMG-G7G3D-001HDIE-JJEYE8.rar (contains "PO_IMG-G7G3D-001HDIE-JJEYE8.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/79062/
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %AppData% subdirectories
DNS request
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/511745
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f089cbd6d20afda4f1e00ed09abd44c9f271c8db61bbb1ce07048fadda34b1ec/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 01:37:38 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ce4xvwsbl62j4pab3ijvpkezhzhdsg3mg53dtqhash23wruwhwa._file
Verdict:
suspicious
Similar samples:
206aab7f55e604472c897665bd209d01da117dda02f7b15ad5769fb9839381ce
40e91b54dfb08b396759074f6018c28433f771a9c6c66ff5b1789d786c591c87
41df7c7f04b04ac0f2eb88f099c9df36f01e11eaff1c189573f49054758d653d
50b298120d93f328fa5949eeb470a41ac0e846b28df37d46cb16c0beaa1b128e
5daec184f65eb553c31e17f10af8a2143dd65c52b61a95ca364b1c725f5ab84a
5dfddf368f0f0406128d3138f485cd1da0a69bebe4e3ffafabf2410463e03ee9
8361cd02491b2a0651e89129aaaa8956409596683821eed908d47987902e0716
a14dc3eb54f3876b3a2bfc6e0aa105c832fc5424130c43248995cceda6790133
c7573f0e33614200aabd85a18762922a3911f96f27f14829b3a36e325aed2d03
f775e5dbccc816cac60eccab275b5a4babd1046924cc1be39c6bf10d5dc9f608
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201026-4tjpm7q3zn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 6021f0d686320530194127509626c00e3d71bf9e5fda9eb7b67c8f3a1c69087a

Executable exe f089cbd6d20afda4f1e00ed09abd44c9f271c8db61bbb1ce07048fadda34b1ec

(this sample)

  
Dropped by
MD5 98683cb6d801c3ad261a77b3ea4fe06d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6021f0d686320530194127509626c00e3d71bf9e5fda9eb7b67c8f3a1c69087a
Cape
Cape
https://www.capesandbox.com/analysis/79062/

Comments