MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f65ea73ea5a0adb0b34714d37cfb1e78a8bc84d15dc64f6348915fa14ed98a5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f65ea73ea5a0adb0b34714d37cfb1e78a8bc84d15dc64f6348915fa14ed98a5e
SHA3-384 hash: 09b2022bba64bf74c9c2d509ab368e362a3cfe7bc1106b9e3d73cd12f3a86ce42541798db447347828508cbfbb83a9f6
SHA1 hash: f28f0e4f85bbbeb0164afd99012b4aac9ae59304
MD5 hash: 704e7304a4b48bb62b5756d2a9497eb8
humanhash: cold-spring-winner-indigo
File name:SWIFT COPY.jpg.exe
Download: download sample
File size:959'488 bytes
First seen:2021-03-24 19:19:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:xsv+fVFR3q2XGH9oQAXK2yDwIvP7Zl8cp77BLPyHRl:xsWfVFjfQAa2yDwIvFl8cFhyHH
Threatray 43 similar samples on MalwareBazaar
TLSH D315B98C5D9AC2C6C6754BB882CA84E946D95FF34F22F8BAB9C847CBC130745F506D26
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps102166.ovh.net
Sending IP: 92.222.178.132
From: paco@gpbati.be
Subject: SWIFT Transfer (103) IR07802011023430
Attachment: SWIFT COPY.jpg.ace (contains "SWIFT COPY.jpg.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SWIFT COPY.jpg.exe
Verdict:
No threats detected
Analysis date:
2021-03-24 19:50:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3ef099ea-524e-4e0f-b0cc-9d65dbe4268f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET-5.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d60b6784-222c-47a9-95db-ee39d909433d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/652910
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Uses an obfuscated file name to hide its real file extension (double extension)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f65ea73ea5a0adb0b34714d37cfb1e78a8bc84d15dc64f6348915fa14ed98a5e/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-03-24 19:20:09 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6zpkopvfucw3bm2hctjxz6y6pculzbgrlxde6y2isfp2ctwzrjpa._file
Verdict:
unknown
Similar samples:
18f4e5cdfd1f834e6eded0c2aeb60bb6fbe35add6f38d15aa295d05c233d126d
826d203e305f770a9c3b2b3ec8b024ceced15fbc2cf8c1bae72ffa86888edeef
8afb80762bc90479ba2d8f4237e755f78ea789601781615088dfa52f3e87d72a
b2d26e59b2f971fc8dad4d1e077a62abaa7fa3650f52d55a6b9974e151a5cde4
bde11e5f0bd0e97d5fec3572de59518b300d0a27602c25d9699d8fc030022cb1
cea700a1d56f70dbcfca89039ec933d341259c67bbde48d5229df731cf4522b7
ee94746e41e361b8fb1367df7b320d7df13ea1bc93df46fe35e14c62ea76d543
f349ed3a3e5bab8bc5694ba8885e6717c049064394682b240afe62ede7f67a9e
f9757b6fb92b7dd22a804057b88b125219b660c3038833f8068a629bb05bfba0
fa768e26f300f2c19ef11635dd836b031e0b5352d86d40cdc24284bf874230e7
+ 33 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210324-cwjlfnshge/
Unpacked files
SH256 hash:
f65ea73ea5a0adb0b34714d37cfb1e78a8bc84d15dc64f6348915fa14ed98a5e
MD5 hash:
704e7304a4b48bb62b5756d2a9497eb8
SHA1 hash:
f28f0e4f85bbbeb0164afd99012b4aac9ae59304
Link:
https://www.unpac.me/results/38c01bdf-fe41-4870-9bb7-30e3125c0eaa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f65ea73ea5a0adb0b34714d37cfb1e78a8bc84d15dc64f6348915fa14ed98a5e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

1d3b03f498f96b893876f1e20f3dfd20

Executable exe f65ea73ea5a0adb0b34714d37cfb1e78a8bc84d15dc64f6348915fa14ed98a5e

(this sample)

  
Dropped by
MD5 1d3b03f498f96b893876f1e20f3dfd20
  
Delivery method
Distributed via e-mail attachment

Comments