MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 f47b1f689cbb9167ba8cfe219ed7a60d587a5e27de38743c906085906864091b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | f47b1f689cbb9167ba8cfe219ed7a60d587a5e27de38743c906085906864091b |
|---|---|
| SHA3-384 hash: | 8f036f5ee6eeb744e69b0f0b36d2d82285faf80de28b616171deec0654f0bad2f7ebac797cfc2adaa01b4e2ed2185d6e |
| SHA1 hash: | fa95f13cc12549255a14ba12d8ba7e0c0669bf5c |
| MD5 hash: | 15f7a92078195dd28219d7f780fda028 |
| humanhash: | cold-asparagus-william-xray |
| File name: | LKM2009024.sfx.exe |
| Download: | download sample |
| File size: | 791'738 bytes |
| First seen: | 2020-11-18 06:50:39 UTC |
| Last seen: | 2020-11-18 09:19:20 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 027ea80e8125c6dda271246922d4c3b0 (10 x njrat, 7 x DCRat, 5 x DarkComet) |
| ssdeep | 24576:nJlh9bDuaIbEzhkqZKLn4c1CbBgF6e9MQ27BXf:nJqbB86nOOFMzP |
| Threatray | 321 similar samples on MalwareBazaar |
| TLSH | 0FF41211BBD684B2D57259359D39E315E53C78200F74CA9FA7D80D6EAE30190AA38FB3 |
| Reporter |  cocaman |
| Tags: | exe |
cocaman
Malicious email (T1566.001)From: ""nstang@leesing.com.my" <nstang@leesing.com.my>" (likely spoofed)
Received: "from hbtovs.com (hbtovs.com [111.90.159.112]) "
Date: "Wed, 18 Nov 2020 06:39:01 +0000"
Subject: "Inquiry"
Attachment: "LKM2009024.sfx.exe"
Intelligence
File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Clean
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Searching for the window
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Spyware.Noon
Status:
Malicious
First seen:
2020-11-18 00:37:45 UTC
File Type:
PE (Exe)
Extracted files:
72
AV detection:
21 of 28 (75.00%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 311 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
1/10
Tags:
n/a
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe f47b1f689cbb9167ba8cfe219ed7a60d587a5e27de38743c906085906864091b
(this sample)
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.