MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77d83370f3109b9a0c199c60870edd92184c170abfc2f1817cd625245fcfae10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 77d83370f3109b9a0c199c60870edd92184c170abfc2f1817cd625245fcfae10
SHA3-384 hash: 9ab4ad0265d0bcc9ef6078bedcecfe85d8cb25b24cdba31b5296d3f0953425e330034d778d6e8d851ccef67e51bb8f5a
SHA1 hash: eff483980f9476827c9ddff3b84ddd4d85f3e876
MD5 hash: 505d10233824711a525ae33fdd0912a2
humanhash: autumn-dakota-fillet-maryland
File name: dcmnter0901.exe
File size: 878'552 bytes
First seen: 2020-05-05 10:25:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: bbac62fd99326ea68ec5a33b36925dd1 (46 x AgentTesla, 38 x njrat, 27 x Formbook)
ssdeep: 12288:+DIhGkUWuUb0fBKyQ8RzZ6OPZhJxFxeCDWrnc8MFMRI/SAVWtgablrVHr:+UhGkTPGXZNFx/DWjMGRtAraprVHr
Threatray: 944 similar samples on MalwareBazaar
TLSH: 5B15AF4363DDC3A0C3729273FA69BB11AEBB7C691564F59B1FD4093CEE60221421E663
Reporter: James_inthe_box
Tags: exe

Code Signing Certificate

Organisation: Disc Soft Ltd
Issuer: COMODO RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: May 26 00:00:00 2015 GMT
Valid to: Mar 9 23:59:59 2018 GMT
Serial number: F6E3D0098BF4E24D22BBB9550C55343E
Thumbprint Algorithm: SHA256
Thumbprint: A6FA6C1298A5965B20D35204DA0D19C27E83738AE9C10BAF4B14737079D30B70
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Mbt
Status: Malicious
First seen: 2020-05-05 10:25:25 UTC
File Type: PE (Exe)
Extracted files: 25
AV detection: 26 of 31 (83.87%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
