MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 219cf2977c0afa489825030495c43b818336546fdc1c8555217c41d2ad730da8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 219cf2977c0afa489825030495c43b818336546fdc1c8555217c41d2ad730da8
SHA3-384 hash: 9314be6fb1a57a1ed63ba27f114b4af9cbc1b3b3d6fe3a82807ae36da7c9dac87846dafb47fc8ef61aacc2e15cf0503b
SHA1 hash: df6f9224d6d947e95f4a5e2d0fc969a7ce14de40
MD5 hash: 80d1a93f8eae715f0f41c1d929399032
humanhash: burger-fruit-north-quebec
File name:219cf2977c0afa489825030495c43b818336546fdc1c8555217c41d2ad730da8
Download: download sample
File size:330'752 bytes
First seen:2020-06-17 09:21:20 UTC
Last seen:2020-06-17 09:42:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:5KLy2sxKeTtAyLFRbKOwEGS969JAAWW4bwBZypklN3yoneIU/4HjBLPMQ/BN63h2:5KmqZdJ94bE/L2D
Threatray 427 similar samples on MalwareBazaar
TLSH A064711125EAC05DEBA267B1CFDAE8FE4566ED67E129616B21D13F13BB339014C02336
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
2
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19339/
Detection(s):
PUA.Win.Packer.NETCrypter-6309687-2
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2016-04-27 23:52:54 UTC
File Type:
PE (.Net Exe)
Extracted files:
38
AV detection:
33 of 48 (68.75%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1ab5a32c95f4645f124b455ccbd65a46e56897a9f0f62e3edd8a8c3ea06189ab
1c9655a848a8e2dd98308732a4fd8bc82d0460ae3269dac8c3f45abcadce95d4
22d836128a4dbbec539196ddfac90474a71230f43b9527f9f37d5f3a56bbb535
5f660bdf5435c4fb1ad9f4aafbb7b38def8ca93dfed281e9b029d4d036e6946d
6effb7ad8b4b42bc97ace9c3f1caf5089323493f535304bbcfca5819fdc30106
78364eb0cc0cf381b000b9ae8f942bb4c94f342ba10827d7e7e4dd8ae3d140ff
7b864591a77a15197d9f25ed3e625b50576ffc061f2849ac6fcc245d296b7357
c935473ffba371fdc0afc552e5d4d71c3e1400d7d07316262bcbbb93b6668b77
d0fa5f41eaf22b17c2a2c2a65eb6ae69c36e2533d184cc07a1295c218e672978
efbe05cbdbc16fea15a71a18c891dc9cb2e88d13de35b515a616a4a94bada0b3
+ 417 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence
Link:
https://tria.ge/reports/200624-8ll6gctwt2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Drops startup file
Loads dropped DLL
Modifies Windows Firewall
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19339/

Comments