MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe12e30bc8b46ea7feb2ff77dee2bf9dee6b4410a81404edfb916fc6b70d6d08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe12e30bc8b46ea7feb2ff77dee2bf9dee6b4410a81404edfb916fc6b70d6d08
SHA3-384 hash: 41a1c6dd185c6183cfbb85ea9e470b26661d6eea82f659e3e651b0a6c015032c138ce1ebc1e987ea6fd3ada06923b44a
SHA1 hash: d102d81564c5db282158702b50e06d7488978d19
MD5 hash: 38188c678e10ee14fa72ee5db2e42570
humanhash: pluto-ten-mars-burger
File name:cargo waybill
Download: download sample
File size:907'264 bytes
First seen:2021-08-26 11:20:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fc35a0089284ff9c7c45866438ea8a25 (1 x AgentTesla)
ssdeep 12288:F4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydETJnJWkYMecW:F4lavt0LkLL9IMixoEFNYqW
Threatray 1'082 similar samples on MalwareBazaar
TLSH T10B159D12B3DDC2A1C7725173B926BB216DB77D2805B0F45F2F89163DA9B1362112FA23
dhash icon e8ccae8c36e2d8e0 (27 x AgentTesla, 1 x Formbook)
Reporter adrian__luca
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cargo waybill
Verdict:
Suspicious activity
Analysis date:
2021-08-26 11:20:34 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4dcac8e6-c21b-4d05-9a11-f4b39bb2b416

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/182582/
Detection(s):
PUA.Win.Packer.PrivateExeProte-16
Create hunting rule

PUA.Win.Packer.Ep-7
Create hunting rule

PUA.Win.Packer.Embedpe-3
Create hunting rule

PUA.Win.Packer.AcprotectUltraprotect-1
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f00dfb25-6fba-468a-90a7-d346d7d5233a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/839673
Signature
Antivirus / Scanner detection for submitted sample
AutoIt script contains suspicious strings
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe12e30bc8b46ea7feb2ff77dee2bf9dee6b4410a81404edfb916fc6b70d6d08/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-08-26 11:21:09 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00668082deeb1c79ed4a3b9cc93bdcb63a49a67dce5f931c0ec4de660a758334
089e8696eff20b84e89e801127624dada3b321b0523d45cb648d437af4271716
1f1bc6a65867b976dd8cdc00b6519b60b4da65af780f1636c447e5ebca91da96
41ec47ce62f13677c0c4576c97e299471072aa9ade05670ad0aefdbbd9187fca
68815fd1b30680f0810f01b9d651b31995e2dbce667d2e2a785eab4c1e56765c
74fcf52e21cc888d770d0b11d411a10bf58b17de81d9376856a381f416bf1a39
82db91ac779a5be13c8cb0ec1317c294a6447cef309083d19dbc0f661292d362
ac2f6be5e15c9c9344043219d8487fdbe92ad443fa23b195b4f4baee5500a5f9
be8ca19f6d30ff45310e64470f12b39dc6529b9921899f5671be5f9359ebf8aa
f8292298f2fe8d14012c0c6d4b98ef47d38dfb0e8e359a81fbcfd338d915dfbb
+ 1'072 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210826-l9kha3ame6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
autoit_exe
Unpacked files
SH256 hash:
fe12e30bc8b46ea7feb2ff77dee2bf9dee6b4410a81404edfb916fc6b70d6d08
MD5 hash:
38188c678e10ee14fa72ee5db2e42570
SHA1 hash:
d102d81564c5db282158702b50e06d7488978d19
Link:
https://www.unpac.me/results/7898f28b-f618-44cb-9f32-eeb46da5eb4e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fe12e30bc8b46ea7feb2ff77dee2bf9dee6b4410a81404edfb916fc6b70d6d08

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE).

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 245681907173d831519c90e6f7fc0586cced07ab0aeabdb603123aaf437d8c09

Executable exe fe12e30bc8b46ea7feb2ff77dee2bf9dee6b4410a81404edfb916fc6b70d6d08

(this sample)

  
Dropped by
SHA256 245681907173d831519c90e6f7fc0586cced07ab0aeabdb603123aaf437d8c09
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/182582/

Comments