MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3a29de249508abd9a537cfe1cf0dba3864e51b13e984dc4436fdab688fa061d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3a29de249508abd9a537cfe1cf0dba3864e51b13e984dc4436fdab688fa061d
SHA3-384 hash: 29496452bdf712f6e1686be606c430f2aa85633fc284c90187271cf24751ddb894cf016dcafbb4c9c4f6e8aa31eb2f99
SHA1 hash: 0103fbf3aa917473c344b1c61efff04390007858
MD5 hash: 8933da4b6fee12fae8211dd66730d29d
humanhash: ack-three-april-cold
File name:ultimate-mailer (x64).exe
Download: download sample
File size:3'326'976 bytes
First seen:2020-11-12 08:09:44 UTC
Last seen:2024-07-24 23:00:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 98304:+cr1ugB6Vb+qL9RKUBDYxX7tvHW5LBc0Cm:DugBmB9cUBsX7t+5L
TLSH 5BF58C9C721072DEC857D47BDFA81D77EA6138BB531B4213902F26A99A2C997CF140F2
Reporter JoulK
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packed.ConfuserEx-6391397-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Result
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/532112
Signature
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f3a29de249508abd9a537cfe1cf0dba3864e51b13e984dc4436fdab688fa061d/
Verdict:
malicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201112-4215sgjvn2/
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
f3a29de249508abd9a537cfe1cf0dba3864e51b13e984dc4436fdab688fa061d
MD5 hash:
8933da4b6fee12fae8211dd66730d29d
SHA1 hash:
0103fbf3aa917473c344b1c61efff04390007858
Link:
https://www.unpac.me/results/cbccdb8a-83f6-4a93-af01-7f396f286ae8/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f3a29de249508abd9a537cfe1cf0dba3864e51b13e984dc4436fdab688fa061d

(this sample)

  
Delivery method
Distributed via web download

Comments