MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 434ea880ad59cffded73a776f3a01a75e6afef21fc6dca45b364fd3f0ba54de3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | 434ea880ad59cffded73a776f3a01a75e6afef21fc6dca45b364fd3f0ba54de3 |
|---|---|
| SHA3-384 hash: | c14ebd2d8bd44e8ae7fa69661fa6a7ca27c18d1d98d71b8241303e1592bc8fd72c9045213ab3f67226092d6c2627e105 |
| SHA1 hash: | 8a59e90bcde0e2c2e44c0229c7cb23e97ae78158 |
| MD5 hash: | b1ac65c3e4c734439003a182024b131f |
| humanhash: | twenty-kitten-network-beryllium |
| File name: | paymentslip.exe |
| Download: | download sample |
| File size: | 11'496'869 bytes |
| First seen: | 2020-04-27 21:15:04 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | e72c3bfcbb77a361abf35cfdb2b95db2 (1 x Formbook, 1 x Mimikatz, 1 x BlackKingdom) |
| ssdeep | 196608:aNr3xDGuF1AMxAsmBXGe/tbYPvbJQlHmFC8C6zlXTsMHEC3E:W3xbF1YNGe/kJQlGZsvy |
| Threatray | 34 similar samples on MalwareBazaar |
| TLSH | 41C63343DEB2CC37C1E7137710E8F9B50C6CAC558F7A70A62A88B924EDF7184D9A4856 |
| Reporter |  Racco42 |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Lazagne
Status:
Malicious
First seen:
2020-04-28 01:24:45 UTC
File Type:
PE (Exe)
Extracted files:
1776
AV detection:
24 of 48 (50.00%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 24 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe 434ea880ad59cffded73a776f3a01a75e6afef21fc6dca45b364fd3f0ba54de3
(this sample)
Delivery method
Distributed via e-mail attachment
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| AUTH_API | Manipulates User Authorization | ADVAPI32.dll::ConvertStringSecurityDescriptorToSecurityDescriptorW |
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessW KERNEL32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryExW KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetDriveTypeW KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineW KERNEL32.dll::GetCommandLineA |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleW KERNEL32.dll::ReadConsoleW KERNEL32.dll::SetConsoleCtrlHandler KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleCP |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateFileW KERNEL32.dll::DeleteFileW KERNEL32.dll::RemoveDirectoryW KERNEL32.dll::SetDllDirectoryW |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.