MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f512e47ce691f996f43e74cb07be9443f5aa34e1ebcdf3c52c9601da073ea779. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: f512e47ce691f996f43e74cb07be9443f5aa34e1ebcdf3c52c9601da073ea779
SHA3-384 hash: 3f5ac666d7053628dd1afd079a6c41e001204ec20eadfa8e3ee86b0ed209de5ae301760d1aed73c9b83e585b463f9167
SHA1 hash: f585515c607d3a070bc16b97cad255856e930616
MD5 hash: e0195c4ca8f838672836ac80b4195517
humanhash: island-bulldog-nevada-massachusetts
File name: Binance Mega Treasure Hunt.exe
File size: 164'352 bytes
First seen: 2020-12-20 07:57:14 UTC
Last seen: 2020-12-20 09:34:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'477 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:oIKesH5cjqbN/l71vJpVZ0y13knCgmgZZo/dr2/eP:otv5cjwxvHVZ0y1UCgVZ+dr2/e
Threatray 21 similar samples on MalwareBazaar
TLSH EBF3396731DA1ECCDCDE9AFE5E196CF25767FDAEC322A0953A11A02A04C3141B52E71C
Reporter abuse_ch
Tags: exe


abuse_ch
Malspam distributing unidentified malware:

HELO: mailer.binance.com
Sending IP: 185.244.38.210
From: Binance<do_not_reply@mailer.binance.com>
Subject: 12 Days of Christmas Treasure Hunt! N100,000 Worth of Prizes to be won!
Attachment: Binance Mega Treasure Hunt 12 Word Phrase.img (contains "Binance Mega Treasure Hunt.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 131
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: Binance Mega Treasure Hunt.exe
Verdict: Suspicious activity
Analysis date: 2020-12-20 07:59:03 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Creating a file
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Gathering data
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-12-19 03:44:18 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops startup file
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe f512e47ce691f996f43e74cb07be9443f5aa34e1ebcdf3c52c9601da073ea779 (this sample)

Delivery method: Distributed via e-mail attachment
