MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe140e51ef337d5118d3388b6a463de7e195949cd66a1cce083576173ad23ad0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	fe140e51ef337d5118d3388b6a463de7e195949cd66a1cce083576173ad23ad0
SHA3-384 hash:	6323f3c0b16c984ab1a78244847783870c7159096e5a441430db70a20f6eb99f5f0d3d505ebb8838387520fa74cef8a7
SHA1 hash:	a41c5cabe7eedb38ff3b63004dc8bd672d815632
MD5 hash:	293d11ea3e549bd042f5073cbb4bd35d
humanhash:	finch-missouri-batman-hot
File name:	Shipment Address.exe
Download:	download sample
File size:	963'584 bytes
First seen:	2020-10-19 13:14:46 UTC
Last seen:	2020-10-19 14:21:58 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	24576:AizwLRGGIqzDcljpYjsk92LDHT93WtYPXFvrQ5Ue:YNnFzDcdUB4Lf93WtSWU
Threatray	21 similar samples on MalwareBazaar
TLSH	6125230AAB77CAB1E6CD99FB8606ED944FB4DC03F1128A45C548E0CCD6573D20DAB2D2
Reporter	abuse_ch
Tags:	exe

abuse_ch

Malspam distributing unidentified malware:

HELO: dd48220.kasserver.com
Sending IP: 85.13.164.135
From: Quality Engineering Products <christiane.helf-marx@akadia-akademie.de>
Reply-To: snambrath.almandoos@bk.ru
Subject: Re: Payments - October Invoices
Attachment: Shipment Address.zip (contains "Shipment Address.exe")

Intelligence

File Origin

# of uploads :

2

# of downloads :

78

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/72962/

Detection(s):

SecuriteInfo.com.Trojan.Heur.DNP.6m0@ai4G@Ff.32185.17.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Launching the default Windows debugger (dwwin.exe)

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/495473

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fe140e51ef337d5118d3388b6a463de7e195949cd66a1cce083576173ad23ad0/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-10-19 11:58:20 UTC

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7yka4uppgn6vcggthcfwurr547qzlfe42zvbztqigv3boowshlia._file

Verdict:

unknown

Similar samples:

04794ec7e7eb5c6611aada660fb1716a91e01503fb4703c7d2f2099c089c9017

3c8d124f87fe334cb263eb04b10349bdb3393a2197a2bdd2873215a69e337772

400613ea1e4f8a22b1f5ed70e9baca60448af46cfbd70ca6f5ec6b74af5e9fe0

4f9c3406a56e9d87af06fc278db9492c9f5fa7dc3056d40070a95e18711808b9

5a418e084b49b740a94d307baf45d67ac25db462fdeb80065fb60ffeb197273f

5d51e206f70f84b317fa60771e7dc610976c70408e45a89c2418baf4a4cef052

6536526fa3203e5eb97977b6b5448f8b44053d7739147a672ebf8a249c9260ea

7cd9624b6ba4422a372ba8d01bf1287ec10abe7b5d658d40fda20a07344e906c

c169469e2e32039ff3830a8e17bad2444a876e96935b6d925cb2d07353c804c5

f72a7401885bd2c5ef7ac79407e2f5b803e475b4fdb598207a103c908e63179f

+ 11 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/201019-dsmzznc75j/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

fe140e51ef337d5118d3388b6a463de7e195949cd66a1cce083576173ad23ad0

MD5 hash:

293d11ea3e549bd042f5073cbb4bd35d

SHA1 hash:

a41c5cabe7eedb38ff3b63004dc8bd672d815632

Link:

https://www.unpac.me/results/f9f04387-c494-4e52-af3b-6cce8b0a145c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.48

Link:

https://yomi.yoroi.company/submissions/fe140e51ef337d5118d3388b6a463de7e195949cd66a1cce083576173ad23ad0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 0546fcc52a1291dc95ca2566f928595579cad6b74d49b6792a99e8954eba3b7d

exe fe140e51ef337d5118d3388b6a463de7e195949cd66a1cce083576173ad23ad0

(this sample)

Dropped by

MD5 c89dea6aaffa5ce7c917e209c0ad797a

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/72962/

Dropped by

SHA256 0546fcc52a1291dc95ca2566f928595579cad6b74d49b6792a99e8954eba3b7d

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample