MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4f5944306a67722b84763a8240a2c7d8ba2daf754707ec35494fdbba7bb3fa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4f5944306a67722b84763a8240a2c7d8ba2daf754707ec35494fdbba7bb3fa0
SHA3-384 hash: 095c25956f928087bc4175f3cc283b5309aaa187ca402fdb41c49b66eef355b0dd1157c655f3d3b6624f7ae14cacf026
SHA1 hash: a634b10ae10505472b5c37542165bcb5058f4bf2
MD5 hash: 2a5965129ce7a1b634658ac6bbeef09f
humanhash: cat-football-nitrogen-angel
File name:purchase order.bat
Download: download sample
File size:637'440 bytes
First seen:2021-02-01 15:02:38 UTC
Last seen:2021-02-05 17:41:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:h8f7kRl3xbLUJ/VzVoT84HPTLlR572vwytvtt/Jpy:hWibLUbzVEvTpniwStJJp
Threatray 12 similar samples on MalwareBazaar
TLSH FCD4E0B2235B8F96F0BD97788131141097F1E217E722E78EBEF410E91A62FC14267A57
Reporter GovCERT_CH

Intelligence

File Origin
# of uploads :
4
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
purchase order.bat
Verdict:
Suspicious activity
Analysis date:
2021-02-01 15:03:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1d1572b4-93cc-4191-8df2-e5d42787a972

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/114974/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/595482
Signature
Binary contains a suspicious time stamp
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4f5944306a67722b84763a8240a2c7d8ba2daf754707ec35494fdbba7bb3fa0/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-26 01:50:33 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6t2ziqyguz3sfochmoucicrmpwf2fwxxkryh5q2ust63xj53h6qa._file
Verdict:
unknown
Similar samples:
347d5e11054d6bd3be95cbef68ed59692ecc7479ca2361ab62ca23ce46d9c3ba
3c8032ddd2f77a14862946d88ec94bff2d42ea6b4cf59ac2942327f275a2a298
4aadc70a9c5743560308e411e042c9705eaa3aff56d58fd4e169bf37b1f34bab
500e14e032d4586764f392151b1bd45545e99fae4d3a84a1470fa2735ec6694b
77d54c4049d7d7beca2c7f4897882ca793587b22def49d1b2268f6707a17285a
a91554baa682533311ba775b34eeb0843cf49487721fb1a6befb5b35474c6bf9
b0512bf4c4bebccd0be10d2f25cf41a31b76ad4d282e0f3fa53799d45e906a15
d3832be817e8fc538d6c4348290e9998dc8c7fe8e7fecc5a41e446f3614b1a91
e9bcbfd654307b0c2e6960776084c20444dae83a4300b301f541e5473077b257
eb32326655d9ff8ffab963e29d0000703da122353d65091f4f56ab252e45299a
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210201-vasll6el4a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
f1f498f832ae623f2713e3236e3aa7090ae0ea1aac461d78c85c36cb5f3a2a37
MD5 hash:
24e506409bdd1932b1b166412db397ac
SHA1 hash:
ea68fdde8d8103e7cb28679e302e861ab3a51441
Link:
https://www.unpac.me/results/c0fa55f2-a126-4adc-9d62-67f445fd9f4f/
SH256 hash:
f5a48c6a2c3ddac98ffc8c5b4ec37f8035dc4744a3cc5474fd245e28c0d4bd40
MD5 hash:
6e943f9364a94341afd6d5b4d425d6f2
SHA1 hash:
517ca0f97f23a3bb702b8a5043ce49452045a94e
Link:
https://www.unpac.me/results/c0fa55f2-a126-4adc-9d62-67f445fd9f4f/
SH256 hash:
f4f5944306a67722b84763a8240a2c7d8ba2daf754707ec35494fdbba7bb3fa0
MD5 hash:
2a5965129ce7a1b634658ac6bbeef09f
SHA1 hash:
a634b10ae10505472b5c37542165bcb5058f4bf2
Link:
https://www.unpac.me/results/c0fa55f2-a126-4adc-9d62-67f445fd9f4f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.68
Link:
https://yomi.yoroi.company/submissions/f4f5944306a67722b84763a8240a2c7d8ba2daf754707ec35494fdbba7bb3fa0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip aeb8aa836e2001a30e348b3954a58e6b103881c11daa5c6167eb1b9e51fb0d47

Executable exe f4f5944306a67722b84763a8240a2c7d8ba2daf754707ec35494fdbba7bb3fa0

(this sample)

  
Dropped by
MD5 64c9badd629bbb24dfbb6a253303a288
  
Dropped by
SHA256 aeb8aa836e2001a30e348b3954a58e6b103881c11daa5c6167eb1b9e51fb0d47
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/114974/

Comments