MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18db348d2bc13a33da2eb37da197acc9072aab8a006ee052e5bfbc57ffc99cee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	18db348d2bc13a33da2eb37da197acc9072aab8a006ee052e5bfbc57ffc99cee
SHA3-384 hash:	afda0ac50bd8258bb6dfc51557d6a7f9655f0955a65060059aa6fef2ea387adb7356badc251e2199577cd10ca614fb7a
SHA1 hash:	b90bb819d7aa5bfe8ef6ab9df4136bfb6c3abc7c
MD5 hash:	62f7d5d6a9a25543c94d7dc3e2cbc79f
humanhash:	network-jersey-spaghetti-william
File name:	SecuriteInfo.com.Trojan.Agent.EPPB.14025.18456
Download:	download sample
File size:	608'768 bytes
First seen:	2020-04-22 16:56:34 UTC
Last seen:	2020-04-22 17:45:56 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	482a26ed176d4546edc420ee3d6a7b80 (1 x AgentTesla)
ssdeep	12288:cxnVrgjySed3y8Lpvvt4e9ZoR2aaXBMCwFWyImSufaTMw0lt3K4:WNWQdVvv3IpCMNUyIm8T03K4
Threatray	2'078 similar samples on MalwareBazaar
TLSH	76D49F22E3A04433C16719799D5B57A8983AFE103E3D5D462BF53C4CAF39782392B297
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.AgentTesla-7687363-1

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-04-22 10:10:30 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Verdict:

malicious

0592333ddc8cbc8651ba7b782a70b972e4627b1505ba9b1812a97046f0484df1

073c3d60993b41a1ea5847c06dab48a4bf4e3da87e74d26d8d51a1c11e0dae0c

0f455b48c43367bf28076037a2d441e78f81143ea5067f144e7d5c6abb79dc73

2e043413f5c0ba21ec762bb6007cf8fbb93c7dc25eb4bcd03d276d128f310cfe

391ea7416464160ef2c7471149d584e4ae9cbd9fa2062cd4319481db7cf82cf3

40e9b18a9ae56099292d10bd537b24db851b03b38a54028f5460b1433f4aa627

5303d0b00592274902d1bb42486dced975ac201463869494cb48a1c8c41e95ce

f0d6e0d054cdb2a4795f1aa9761613d3dd829ca5529e63b93b75c12c2554507c

f2923f695dc02132cea5c0241060dba9a35d317342675118f7b22288e78cee7d

+ 2'068 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 18db348d2bc13a33da2eb37da197acc9072aab8a006ee052e5bfbc57ffc99cee

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/348172/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	kernel32.dll::CloseHandle kernel32.dll::CreateThread
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryExA kernel32.dll::LoadLibraryA kernel32.dll::GetSystemInfo kernel32.dll::GetStartupInfoA kernel32.dll::GetDiskFreeSpaceA kernel32.dll::GetCommandLineA
WIN_BASE_IO_API	Can Create Files	kernel32.dll::CreateFileA kernel32.dll::FindFirstFileA version.dll::GetFileVersionInfoSizeA version.dll::GetFileVersionInfoA
WIN_REG_API	Can Manipulate Windows Registry	advapi32.dll::RegOpenKeyExA advapi32.dll::RegQueryValueExA
WIN_USER_API	Performs GUI Actions	user32.dll::ActivateKeyboardLayout user32.dll::CreateMenu user32.dll::FindWindowA user32.dll::PeekMessageA user32.dll::CreateWindowExA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample