MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe15f4f81105e03404643fa842168b56482ea6e6772c95f0ffb56c0b0f69678f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe15f4f81105e03404643fa842168b56482ea6e6772c95f0ffb56c0b0f69678f
SHA3-384 hash: 65985e688cc2e6b5de34d84e23333f3a220621611ebb0852d9b60d7018f7a0f73f28caf851702b51bdd514f4f01300f9
SHA1 hash: 61c8458c1a15464fd51e12d8d67009ec43a9f78b
MD5 hash: 9b1858a9f8aa22c79e92475e59103f50
humanhash: coffee-low-blue-oklahoma
File name:SDI_ORIENT PLASTIC- IPS HP9450 32MT_doc.exe
Download: download sample
File size:550'912 bytes
First seen:2020-10-14 15:03:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'649 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 12288:icEZpRPPMIYF3BshW6BNJe0qtZnqDshdWoPIky:icEHRsIfq0qbqAPD
Threatray 174 similar samples on MalwareBazaar
TLSH 02C401A67384DF29D57CE73C143061505BFAF506E72AEF8CBED840DD0266E0496A2E93
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: sptme.com
Sending IP: 45.137.22.72
From: Karen Trinidad <karen@sptme.com>
Subject: RE: Your order for 2fcl of HP9450 from Formosa
Attachment: SDI_ORIENT PLASTIC- IPS HP9450 32MT_doc.zip (contains "SDI_ORIENT PLASTIC- IPS HP9450 32MT_doc.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70833/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/491184
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe15f4f81105e03404643fa842168b56482ea6e6772c95f0ffb56c0b0f69678f/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Suspicious
First seen:
2020-10-14 00:44:08 UTC
AV detection:
41 of 48 (85.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7yk7j6araxqdibdeh6ueefulkzec5jxgo4wjl4h7wvwawd3jm6hq._file
Verdict:
suspicious
Similar samples:
386d18d45cb2b33504413196d292b00ef26db3758f5b5cbbb58ad240be7d7af6
7ce411ff4c9298f999527e39ad53f76697804e3ca427499db5da0292f8ef710b
7ce968d0fc6d6ef86fa1c73e383a21b7cdd401eeaa9daefad0d2b20de042a8e5
82ed346da97a3a9f64ca97ea2fbc0034d0a713e8c0003f0e982f28b85501ae47
a2e772a2b72091fc5996f64198684e85e9d521f620d435c90e36d3327ad44592
abbc118eb1bf05f65a684916411d404bfb76e44bd498c9be15ba798561e9effd
d05ddf26b630675edbee36cba07cd0db94c645c4685a1c533b3a025c7a9669e4
d805b37ff430c59fbac19f5ccbbaa2eec750849def87f05c7bf14e68f8531416
e513fe3d22372fe4e0da834dbecd9fda11473a5861b195d9330b2b23c82650e8
ec66bb08e7be3e235c199b1f253e949fc4296b105b7046cca10ae732cf347873
+ 164 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201014-2y5henyb8n/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
fe15f4f81105e03404643fa842168b56482ea6e6772c95f0ffb56c0b0f69678f
MD5 hash:
9b1858a9f8aa22c79e92475e59103f50
SHA1 hash:
61c8458c1a15464fd51e12d8d67009ec43a9f78b
Link:
https://www.unpac.me/results/9fa45e17-8cf8-400d-ba7a-9af8f484c18d/
SH256 hash:
01dd844990e0c5fdcea0f88712253aa1ef4750316f0734ab7099306170b5ea2a
MD5 hash:
eb593633270aa19162cf64663df9dd6c
SHA1 hash:
2ec57181471ff10abe9a04239ca3ea86ea4252b9
Link:
https://www.unpac.me/results/9fa45e17-8cf8-400d-ba7a-9af8f484c18d/
SH256 hash:
9aff010416b681f87dd5c2e2c625b24188cfed00efffa2c75c75d655d77e02aa
MD5 hash:
eb566dc07b28639706d25398f6248b20
SHA1 hash:
796fe7bb3d1c9adf442ef4584d4602f08a8d19b9
Link:
https://www.unpac.me/results/9fa45e17-8cf8-400d-ba7a-9af8f484c18d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fe15f4f81105e03404643fa842168b56482ea6e6772c95f0ffb56c0b0f69678f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip bcdb27fdd0be93b3546deb0f1ab99fe935d4f87acbb3d6874303a1992a9ea8bf

Executable exe fe15f4f81105e03404643fa842168b56482ea6e6772c95f0ffb56c0b0f69678f

(this sample)

  
Dropped by
MD5 82a397472237d404d4602b6bfebdd4c7
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70833/
  
Dropped by
SHA256 bcdb27fdd0be93b3546deb0f1ab99fe935d4f87acbb3d6874303a1992a9ea8bf

Comments