MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ea3e5e7ae6ff8b80a8aaf98da326f17e4bd0edc32935d9d7324f801f60f94bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ea3e5e7ae6ff8b80a8aaf98da326f17e4bd0edc32935d9d7324f801f60f94bf
SHA3-384 hash: 2b6d1f61ed068c9ae1aaccd88006c55895dfc5a0f9e623406a0585906c037553e34eb7cc2f98ca99ea964418197522f5
SHA1 hash: 772d9fd3516aaff78209c5c572216d43aee8c083
MD5 hash: 03217c5134b34ec71107798ad894dac8
humanhash: emma-coffee-vegan-london
File name:SecuriteInfo.com.Trojan.Siggen9.46098.27358.17939
Download: download sample
File size:125'952 bytes
First seen:2020-05-14 09:37:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:6mx3+bZh2gw4G8JaPfcvPNXRuK1PI26C66JusE2bxyvNPMHxPrgxmPGRVrtw:6mEbL2gw4uPf+BxjkslbodMRTOm0rtw
Threatray 81 similar samples on MalwareBazaar
TLSH 08C34B1425BDC37AE02A9FB659D0E061C7F8A65239D0E3798CA641CB0AD7FC1C945E3B
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.46098.27358.17939.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 01:09:14 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
2cc57320f08629f63cf5cfc65ba1cbe100b097a1b7b34ff2bc17d5dff53a7c15
31c29b9b1cee6db4cf305b1e74026561898466f13531fea132a8d4978db9e843
40e0bca62b48fe04fc0fa37d223d901a3970b0930590f08c11fa6023469bd231
449405001febe80d0cd55e1f11f6c4b9af01744821dda0133711d54fc4905e26
48e554159e6003c59fc3cec6633e274dcd650bbd7067413b6ec8de04aed1b958
7c671aa708c21b23eb4ecd81a26321ca0a1052b4944450d0bccddc47fe2ca9aa
af8f8de6f3255cd5e56dac580f9723f0c786281781122946478720a80e49daa7
d1a890009a7844ab2954fa466a2b9381ebb71aea1b98709d8e8c975c008bd7e7
f4b3f3f1705bb5ab7ed5d0dc4bcbae09fd927a760aadbce66762d311450750b5
fb6e964f34f1c68787e0b68226be22a1fae6e82dafd5476d8684d06aa6be938c
+ 71 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
coreentity rezer0 evasion trojan
Link:
https://tria.ge/reports/201109-asyn8p9mtx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious use of SetThreadContext
Executes dropped EXE
rezer0
Contains code to disable Windows Defender
CoreEntity .NET Packer
Modifies Windows Defender Real-time Protection settings
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1ea3e5e7ae6ff8b80a8aaf98da326f17e4bd0edc32935d9d7324f801f60f94bf

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/362548/
  
Delivery method
Distributed via web download

Comments