MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62d2e3131e68b84b46765a9faa25e2173fa546fd875b99fac3422e7e02a84738. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62d2e3131e68b84b46765a9faa25e2173fa546fd875b99fac3422e7e02a84738
SHA3-384 hash: 893f32eb54575487cd2935f4f5346a0d183d2bbfef9cf606f0ec309715df521f0e4ac2fb027c2561c92409a7e7519eaa
SHA1 hash: ae8f08c747e6b348cd6475c159fb58148c83c857
MD5 hash: 34749d3eac2676cbe4765332e5282719
humanhash: sierra-mobile-north-alpha
File name:bg_b91355ae194a4a158565794ac53e60dc.exe.upx.exe
Download: download sample
File size:46'592 bytes
First seen:2020-04-30 10:18:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 25b3acc640473b6fce722f16eff93149 (2 x CobaltStrike, 2 x Metasploit)
ssdeep 768:I1kxgHr8n0R/oB96zbjfvshAHTUSetKv3zYPPl977HKIs/ljEhpxnbcuyD7ULq3:I1KgHM0I6DHshAletKP+N97HKBlgxnob
Threatray 34 similar samples on MalwareBazaar
TLSH D023D04271FA885ADB7B71341ABFA72B18383E5AFA79C36D96C0205D1D81E215E24F70
Reporter Anonymous

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Swrort
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 10:36:42 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
29 of 31 (93.55%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
3a509e802831371c7bf1d69240980807db6fb2ea024e5c20eb83e62e0d7aa424
690e1f519a5ca9a1698ae738ca06c030380779a1a989cefb6dff7025e4c5baed
8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd
895abcd33e96522cc950a56ecc683e6fd340fe1f83dbbc61336fdbb16ac0c5ea
990c81ff3bcd5d3b332e34c57462a3560c588322828d3953266e801eb4e52c2e
ae908fa923abade520fd1563f88af3f20913d19dcb8e50601079eeca059e5993
b13f42d26dbbe2481ff01fe2987be00bd907d203db78f5384fc12273708b4a09
dd735048e84f832db250acf7e9238d8c2a23e10600a48b45351ac6fe315c7050
e1d49dbd664cc8b4371fcd0d57da951aec767532252452d81f52d39cfb42a856
e62bafeac7136563e3c3b21d94daa7b5688e8f527dbb894d854c018e339df101
+ 24 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::FreeSid
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA
WIN_SOCK_APIUses Network to send and receive dataWS2_32.dll::WSARecv

Comments