MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5
SHA3-384 hash: 374dd68c3184484292217635325c2c7f3b4a75231301dc2b9522634f071a9998d14a5c33bb125957bd55c7194dc69e97
SHA1 hash: b2cae1a735e3c8c62b67086b513c5783d8476f7a
MD5 hash: 65100e0dd48c538e58f0ccf629595422
humanhash: five-stairway-bakerloo-cat
File name:Purchase Inquiry.exe
Download: download sample
File size:532'480 bytes
First seen:2023-07-24 15:15:39 UTC
Last seen:2023-07-31 06:54:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:dCm3XL5fkj0tV3yjTRnQXK/JOUyzb7hYNa4QBZGrY4U2kS1SzTbym7PHC:ln5k6Ge6/gUnNa4Q6xUyg/C
Threatray 8 similar samples on MalwareBazaar
TLSH T168B4129586B81E00C8F44E78454C3747E7BE7CB3E162AB4B8EB85ECD45BD606C72B891
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
284
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/431222/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.97730.20115.4073.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Creating a file
Sending a custom TCP request
Gathering data
Verdict:
Malicious
Labled as:
MSILHeracles.Generic
Link:
https://www.hybrid-analysis.com/sample/f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b6b8da18-2720-4ed2-81ea-86675f4e5050
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1278421
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected Costura Assembly Loader
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-24 03:48:12 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
17 of 37 (45.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6xeluihekxbjgljdbrtvqoqj3x3dzqfwly6bzu5qhaxmucb4t3sq._file
Verdict:
malicious
Similar samples:
2471e14de265a1cc39ea6030cec91bc81960aebcb02d50e0e59cb31fc55552e6
24e365e6ec99a774571ec4d93960c3896bbb987f43badd26406de8faa79b7211
2b8cd7175430c7efadb5156b883b63cbbd179579ee58dccb27efc68c22cdc819
67349de16fcd49c2df92647f3c27f5ef96506676261409e37da49c6ac5238435
8101d65f0f12946bd742b2b7513075ea485e3134258032252bef1938ac3cd3cd
97998689dcca7f8fac116a458168c2e7575f6442ef68e4729543799d07ccd849
a2d2a62835ec13260cc35eb5773e32b5205adf74c8dac852e614f6034c634309
ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230724-snf9vseg96/
Unpacked files
SH256 hash:
f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5
MD5 hash:
65100e0dd48c538e58f0ccf629595422
SHA1 hash:
b2cae1a735e3c8c62b67086b513c5783d8476f7a
Link:
https://www.unpac.me/results/263def25-0304-4137-b9a0-95fd12532abf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/431222/

Comments