MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 208ba7287f91179d9af3500566e12627e83fd388c9c4e6c2d1559a99af2ab990. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 208ba7287f91179d9af3500566e12627e83fd388c9c4e6c2d1559a99af2ab990
SHA3-384 hash: 01e891c6e6d883614d4b15d3aeb1542f25af44fe5fee6517ca1a79cbbf178152550f597353e50b69517867b270042b31
SHA1 hash: 8e41dcd779ad9da2ea3892ed93d627d52e54efd0
MD5 hash: 8fa14325df683461c41a84161abda01c
humanhash: equal-robert-orange-comet
File name:SecuriteInfo.com.Trojan.DownLoader27.59888.7768.24233
Download: download sample
File size:323'584 bytes
First seen:2020-04-23 14:08:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:jpqIh7qfpf5XLM89B+2D3fJYGJmzONS+5Uy7OP3gke4M:tqIR8V5ANoPvJbIO4M
Threatray 80 similar samples on MalwareBazaar
TLSH EC647C4869266E1BEA6F9578E950049C53F6833A7C2FF30B9C0524E44F0BE61ACD17DE
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader27.59888.7768.24233.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-01-27 17:07:01 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
37 of 48 (77.08%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0a724325d6c34ee680d393db2ab074eb37c5c9c1cd5985e51382d275d97daa10
0fad781290e1db5165942e6d7254edf797efcb2dc7712963286e054065be4ec1
2b419f986ea266fa5826fbb6858782f7c2acfda73aa5ec5cb21d64537d6a4ea1
6b946bb613a85c620302f21a45e55e1cf87fa06941df163aafcfbfcecb580276
6b95bdd0d0a511eb1fb20709941e92eb049f4e246b5615554090520a9a509799
9592036ed734ebc962079bb5cebb099c5b544f8d956c21e15f214b440e42a708
966aa9010dcd3fdd35f00b995066013f1a686c4b8364cd5037b5eaed6f1140df
bd8bae4e8e51b82bc1af834553c9b5aff4240b2b3ea1ca03dedc190c505cbaac
ce1068601331836bad97023db7b1645deb190bdb0282e4f1c483fc77813cd690
cf60dd8e927a419d76dfb060c649c888dacc338cc14b5e3abf5e388213fec520
+ 70 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 208ba7287f91179d9af3500566e12627e83fd388c9c4e6c2d1559a99af2ab990

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/348769/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments