MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1
SHA3-384 hash: 4ffd2ad92c8acf33dfb6365aac6ad23e2bdef1b74cac757fec348443bb98f3bf3f5b415db9422be40ee14ff4163c5e77
SHA1 hash: be0ed06ecd81d6782349cd2a8781596c52d4cd46
MD5 hash: 6956630ee4efe1b3723f37e5c31bf569
humanhash: six-emma-comet-carpet
File name:DRAFT BL - SO#C348 521 (BL TELEX RELEASE)............................PDF.scr
Download: download sample
File size:728'064 bytes
First seen:2024-05-22 09:13:32 UTC
Last seen:2024-05-22 10:19:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:Ligd6+hkpstM13N91AzHvCCQXgRwggo7liW1eIe0H2lztV6Y+yaxXog8kFeXsLhg:+e6+hv+991AzPC2DlpiW1ApXottQpu
Threatray 260 similar samples on MalwareBazaar
TLSH T109F42316FFE8D91FD22D6BBECD29410516F0A1066B62FBC80CD710E624A7B848B45777
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter threatcat_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
312
Origin country :
CH CH
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1.exe
Verdict:
Malicious activity
Analysis date:
2024-05-22 09:17:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5299efb1-3583-45c9-9bd8-fb319fe61ec1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Win64.PWSX-gen.17387.12228.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=664db776e9e4e4d009e88873win7simulatehigh_evasion
Tags:
Heur
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Searching for synchronization primitives
Creating a file
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade packed
Link:
https://www.filescan.io/uploads/664db763a7eacff20fc977f6/reports/4ab95c45-36b6-4803-bb9f-0c6591a9a69c/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e6b7b3f3-98e0-4728-8935-4a32313e4d87
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1445626
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2024-05-22 08:44:04 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7msaxuxhmjnrbjpd5zxfkmmvbgk54khgptc7bz3ypwkv2bcbnpaq._file
Verdict:
malicious
Similar samples:
143d962bb7b915798075dcbc1a88f442a50f750ae12f10f7252a19a9da02e537
36d09ca71335d5a490b523a7dbbf5d03243c45afaef1c19ba15876cfb2bdca5d
8019ad825c81ba5c7c447148f0d7f8034c6c2b48bf92a448e72983b593fa7319
8d06422e84184ba0a6a20a12e4fe75b09db8286f2862c971d25bc243699955d1
fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1
+ 250 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/240522-k7bjqaac65/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1
MD5 hash:
6956630ee4efe1b3723f37e5c31bf569
SHA1 hash:
be0ed06ecd81d6782349cd2a8781596c52d4cd46
Link:
https://www.unpac.me/results/df33770f-1daf-426d-8371-6ba23828a4fd/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/fb240bd2e762/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe fb240bd2e7625b10a5e3ee6e5531950995de28e67cc5f0e7787d955d04416bc1

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments