MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff72da13e03a2e2b2019a9899a6d036a054fcac79a563281bd1aeb34a69f3a38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff72da13e03a2e2b2019a9899a6d036a054fcac79a563281bd1aeb34a69f3a38
SHA3-384 hash: 32a131bb5c2aa4b8a450dda36423e64045b4e4a90f918f7c454ca3428016437a451b41037fb29bd7e8d8f667aec3584b
SHA1 hash: 11e66bb899311857c2a0dc88406fb7c62975fbac
MD5 hash: 270f1e82ce6d22581c277bf2b3d918ee
humanhash: nine-may-east-fifteen
File name:New Order.exe
Download: download sample
File size:377'648 bytes
First seen:2020-08-10 13:06:36 UTC
Last seen:2020-08-10 14:03:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:dglD98eEzcv4m0oA9QKdH6ADQmZYJGZxkhvpuKANYTQLBZZlZFlmBKmCcGlmkDkD:ClZ8JzIKQKdrElGghxNANYMfZFlmBKmn
Threatray 28 similar samples on MalwareBazaar
TLSH 4684F10E3A45E490F18C83794727DB171BEA69B31552081A3AB0B37DCB247EBD81F9D9
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: imsantv71.netvigator.com
Sending IP: 210.87.250.171
From: MAX & MUK SILVER CO., LTD <emeraldgem@biznetvigator.com>
Subject: New Order
Attachment: New Order.zip (contains "New Order.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/42779/
Detection(s):
SecuriteInfo.com.Generic.mg.270f1e82ce6d2258.15795.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/416960
Signature
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
Binary contains a suspicious time stamp
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff72da13e03a2e2b2019a9899a6d036a054fcac79a563281bd1aeb34a69f3a38/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-10 13:08:12 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=75znue7ahixcwiazvgezu3idnicu7swhtjldfan5dlvtjju7hi4a._file
Verdict:
malicious
Similar samples:
1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb
55add5e5138bf35c9ef1a148b681358e4731131a72be0ebed59a28e7f7fd7eaf
71f37902cad4c188ff274193a76367439dd74a233d4b118b251f56cb4ba46d7a
b0dd472a02ed67fe15e20e2faa6167d8c1e9d54c9f0abc95a255197bbf0c0264
b8888ca416fcb0b2fa48e131a3fbadf177ed9f26528d620ff1df804f17ea8c64
bbf1cebce86dde95f8a66414a1106ae2494b57c7b3d36d6df16b8ddef74e6346
c5f803db7130a7863d26ce38997bea3d62e7c166f27c878576cb482e9618a22a
f72897f4747769b169b5969fcde3b1b7ec92b79e0fb2e67a9d72650ac14c8d56
fad876823d64effebcc0d9b2b353d118e289c21ff2527ddddd2aa54d544d494e
fbc9106506d47f39fddb3a48693e9b3eb80f400d6c273d1e08ecc7ef417f9352
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200810-qx555x23es/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ff72da13e03a2e2b2019a9899a6d036a054fcac79a563281bd1aeb34a69f3a38

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip dd6be4329170016cbbc9eb8e8039b2ec1de9f445ff00a5986d5a64e276be6985

Executable exe ff72da13e03a2e2b2019a9899a6d036a054fcac79a563281bd1aeb34a69f3a38

(this sample)

  
Dropped by
MD5 7d41d450655dcda5a2a5445fbcc14c16
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/42779/
  
Dropped by
SHA256 dd6be4329170016cbbc9eb8e8039b2ec1de9f445ff00a5986d5a64e276be6985

Comments