MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62e9a9522a98f1a4ad322c5ef52fa3187a1204df9455d57766e4b221dc56fd35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 62e9a9522a98f1a4ad322c5ef52fa3187a1204df9455d57766e4b221dc56fd35
SHA3-384 hash: 73d04be31c60013ad6db53e4b3ba2542b44da878e8fc53a6bb831cb44fc001832ec335a9e12a91dd749debd4a86cc18f
SHA1 hash: d93be5b1c7cd2a4c8d13a1faa53af996671c095a
MD5 hash: 71b152d149e0645483bd12f692675e5d
humanhash: nebraska-mirror-spaghetti-georgia
File name: 62e9a9522a98f1a4ad322c5ef52fa3187a1204df9455d57766e4b221dc56fd35
File size: 489'528 bytes
First seen: 2020-07-06 06:46:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep: 12288:VYV6MorX7qzuC3QHO9FQVHPF51jgc1Gd6hVXjnhj:KBXu9HGaVHHVzhj
Threatray: 881 similar samples on MalwareBazaar
TLSH: 29A422C16FF66224E4F32BB2AD7921206922BCE5E675D38D1164A81D9C2BF40DD32773
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Enabling the 'hidden' option for recently created files
Launching a process
Creating a process with a hidden window
DNS request
Using the Windows Management Instrumentation requests
Launching the process to change the firewall settings
Sending a TCP request to an infection source
Enabling autorun with Startup directory
Unauthorized injection to a system process
Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2020-06-30 19:51:00 UTC
File Type: PE (Exe)
Extracted files: 21
AV detection: 37 of 48 (77.08%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments