MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b
SHA3-384 hash: e8ef69a28f77a03ed5bf6528ff4ee4de5abb94dc9c2a6fe1d2a93b21a9509905588b10b1376aaff47e9069a089c45bec
SHA1 hash: 9039d4c0ed993549537bcf365fe35c553bd2ba50
MD5 hash: a719b4a9d08553ff7683ddcb7003d68b
humanhash: louisiana-rugby-glucose-whiskey
File name:PO# HM00050746 13461-001,xls.xll
Download: download sample
File size:1'450'496 bytes
First seen:2021-08-04 13:41:31 UTC
Last seen:2021-08-04 16:25:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 24576:BzbGHAzHAjX1QcLg0jHe6GxAo594f7Byqx90KdI9K9nktTpcA+kukY:BziHICE0j+6GKoj49V989KVCiHlkY
Threatray 5 similar samples on MalwareBazaar
TLSH T1B265F157F7D7FAB0E6BE827A86B2891C927774520260978F670076896D23382453DF0F
Reporter lowmal3
Tags:exe xll

Intelligence

File Origin
# of uploads :
3
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PO# HM00050746 13461-001,xls.xll
Verdict:
No threats detected
Analysis date:
2021-08-04 13:44:48 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/be53eb10-07c9-4eca-b416-a1cb69e3e533

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/176356/
Detection(s):
SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ad05ee74-e5eb-46de-a9aa-6a710096eb97
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/826949
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-08-04 12:58:44 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ucc2imknloljvew63iot5x3hx5l3qslzc6im2auqdlwlf7mewfq._file
Verdict:
unknown
Similar samples:
338ffcde4891ef19f8b2974f2a9188e14a90f592322c8fb07acb662b57b35771
6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
7a6f8590d4be989faccb34cd393e713fd80fa17e92d7613f33061d647d0e6d12
a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210804-xnvkqhl58n/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b
MD5 hash:
a719b4a9d08553ff7683ddcb7003d68b
SHA1 hash:
9039d4c0ed993549537bcf365fe35c553bd2ba50
Link:
https://www.unpac.me/results/3e9252af-92c1-4d40-b73b-a457318d3fba/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/176356/

Comments