MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ac77ea1b7333cc26a60ce0857e878a7cd0b96025ee8e7764c9c04f38b073ee2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ac77ea1b7333cc26a60ce0857e878a7cd0b96025ee8e7764c9c04f38b073ee2
SHA3-384 hash: d09c236340457245d017006ff163d7586470bfc9c1febcbb69b95ef01d3dc9e71272843d4cf15c10c8f8971603d4ddf9
SHA1 hash: ba970ec72a6b96c1eaa19b7c50e2de0de6394756
MD5 hash: 923fb4de03b2a9493af05a6465a9c139
humanhash: uranus-paris-lake-lemon
File name:8ac77ea1b7333cc26a60ce0857e878a7cd0b96025ee8e7764c9c04f38b073ee2
Download: download sample
File size:3'846'144 bytes
First seen:2020-03-23 18:44:22 UTC
Last seen:2020-03-30 07:07:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 98304:BoEVCh/1k/UCGz5s04Gd127NbpdUxxHkvHtaEYTwxDR7TMU9:2Qc1kNm5s0PdQ8HkvNaEYKd/7
Threatray 33 similar samples on MalwareBazaar
TLSH 59062382185D9891C910CD39098CB2BE30775EFEF7FF150479F27D8624F69D1AA3AA21
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MulDrop9.57283.32386.7359.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2019-08-16 13:29:26 UTC
File Type:
PE (Exe)
Extracted files:
24
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
1466a3a68f3c7f673d4b8ba514bc078fadda4c009f342c077f1d6cb0710d9b72
2ba0f2e22ed07ca3188c898a0c9256fd30e878916ebe669ed52b25cb18d5ccde
2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8
6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986
6057a10b27aebb92f7d961ce23929dc41579f6da1dcbf28572d8c5f0ffac488b
632562060da02f7ed5e92b1fe1bd94ce8d993cb134e93f8294beade2f0f42974
739d40c80783a52ae341907b2996cac8a4a51189c176d9e3270a74c3e9d7779b
758c9e9642b467c181548b07d7d47e32e2e37ce7298e0d89674fdbcbe13eb50e
a0e9692a6a0f50890c03829cfc80dd4ef47aaf4ade8c2fd35a62c09d290171d3
b9c037384eaa82706baf7c3cd5e1550fe9ad24083edeb00e55d9da8198ea6ee3
+ 23 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8ac77ea1b7333cc26a60ce0857e878a7cd0b96025ee8e7764c9c04f38b073ee2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/224279/
  
URLhaus
https://urlhaus.abuse.ch/url/70733/
  
URLhaus
https://urlhaus.abuse.ch/url/109072/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high

Comments