MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b
SHA3-384 hash: c078eb5aec528b4c2924cfb40c67242c2ceaee74f52579a8463c6cfc2e959ba1cc6cb1abbb0bae31570a8db6704a75a9
SHA1 hash: 2bb24deef66c73890b78d190c3d9036e96ad3c8d
MD5 hash: d2b86ccbe2ee7ad7de64a13b81537cfb
humanhash: cardinal-six-don-tennessee
File name:Proposta nº 140689 - Antonio Aurélio dos Santos e Filhos, Lda.exe
Download: download sample
File size:370'688 bytes
First seen:2021-08-26 11:52:18 UTC
Last seen:2021-08-26 11:52:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ef471c0edf1877cd5a881a6a8bf647b9 (83 x Formbook, 33 x Loki, 31 x Loda)
ssdeep 6144:x4XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0PzB:iXe9PPlowWX0t6mOQwg1Qd15CcYk0Wex
Threatray 1'084 similar samples on MalwareBazaar
TLSH T1D7741222BDC90CD5F6FBE0BA5DC6CF391D2E71C7083547BCB598CE6CA6541112DA18A2
dhash icon 74f4f090cae4e8e0 (5 x Formbook)
Reporter GovCERT_CH
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Proposta nº 140689 - Antonio Aurélio dos Santos e Filhos, Lda.exe
Verdict:
Suspicious activity
Analysis date:
2021-08-26 11:54:39 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5eec322a-9527-48ec-9326-4f3d067c7fe2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
DNS request
Connection attempt
Sending an HTTP GET request
Sending a UDP request
Creating a process from a recently created file
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/87debd52-c200-4749-bba5-c3d31a1283d9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/839707
Signature
AutoIt script contains suspicious strings
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b/
Threat name:
Win32.Hacktool.Acapulco
Create hunting rule
Status:
Malicious
First seen:
2021-08-26 09:07:42 UTC
AV detection:
10 of 41 (24.39%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=74ywroxmw3e27sxk6tkvpwaukivbs4mdzcjq3i4ders7f5ntsy5q._file
Verdict:
malicious
Similar samples:
0f3dd18c562054da9edf8c427370c1455f5882d455ca21e8f2ed2cff9d70472c
17d901ea338cf7b487226ebd86f963023ce246d9f3aaa973f6d15c44cb01907d
1c4cf94d38837e40ac5654711ef04cf7f2e07a66c065c46955d92d0d95089d90
27c7757a5432815c4867ebeeaa23152703af16520d73117a372e6371061fc1ee
29a8a708880ca187202112de47bed915bf9fd0e64cab0d08a839b7ede6c16506
378a43b4576b7d9a7bf424295f83cee901ad8347351285a3dc0708d78312a4cc
71335267a0a48bbcf678e354b421445d3db926ec5dd9b40c2a004cebb9b166f0
88ceee260ee9b4baa66e0aeb88821c2edbfebdb3f946cb8e1d3c4850ab0a0365
b5225e4f19b8f43d98a52808829087a9019cf247fb6a3f6acd6ae30eccb9e8b1
f3037e5e047b6bfbfb11c453d1d836217e8c7ec606eacce69dfe31bf8b260821
+ 1'074 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210826-8pv89efgae/
Behaviour
Modifies system certificate store
Enumerates physical storage devices
Unpacked files
SH256 hash:
5f4086356d496f2c80c148e3e18cd115bfb5ab16467a3869d2bb830cf0c83a5c
MD5 hash:
8c8e0a1e30d729396eb04980df40d6c9
SHA1 hash:
22f003aa4ba9903cf6272332db543d991ecf1c23
Link:
https://www.unpac.me/results/7f8becf4-5ca2-4cff-8c71-f47d838daa1a/
SH256 hash:
ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b
MD5 hash:
d2b86ccbe2ee7ad7de64a13b81537cfb
SHA1 hash:
2bb24deef66c73890b78d190c3d9036e96ad3c8d
Link:
https://www.unpac.me/results/7f8becf4-5ca2-4cff-8c71-f47d838daa1a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.85
Link:
https://yomi.yoroi.company/submissions/ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments