MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3d73a97079478583fb8ec8e057635547d2895bcd59f57df145386c29657ea75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a3d73a97079478583fb8ec8e057635547d2895bcd59f57df145386c29657ea75
SHA3-384 hash: 3f8ddbdd1ebbb7403abcd067d797ae6b10bcd7e264c8786829c3d25f8f1d12f918eb60376388d050be6730ff6b9f6f2e
SHA1 hash: 3424ee732f4bbe41d977ad59cd6d8f4235385095
MD5 hash: 8034076d1c34a8d5b4e1acf4f83889a6
humanhash: jig-winter-sad-high
File name:260vv53.exe
Download: download sample
File size:160'565 bytes
First seen:2020-07-13 09:34:39 UTC
Last seen:2020-07-13 10:59:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 3072:JHZpAaRk7/Pa2LCUM7So/+6pRrMrdFglzx5JnnUNHr3noeh3H6DprabO8GDQBZ:lOTPLpi/LJudFAF5ONHr39h3Opri6y
Threatray 260 similar samples on MalwareBazaar
TLSH B6F3026457DE57B6DCF31A38FD512312C5255A40A929FB8C874A378C8DA33058F22BEB
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/25173/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.58278.3647.28509.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Siggen9.58278.1608.27264.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file
Changing a file
Creating a file in the Program Files subdirectories
Modifying an executable file
Moving a file to the Program Files subdirectory
Moving a file to the Program Files directory
Launching a process
Forced shutdown of a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a3d73a97079478583fb8ec8e057635547d2895bcd59f57df145386c29657ea75/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 09:35:36 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
26 of 28 (92.86%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
1b63db723d1957b88d6199fb5ea958f28de43333d2482a137c5b73b8be78a4a0
1e82507cd7b999f2ffa46f4591486b0ff45fb3fc664419279c15677f4a5a20d9
5056afb57576d4fc72369a0c11d434406085f7e62f773f3db7e297061cba717a
701bb7d545df1a98de90d0a414a90c7f09538fe02f32e8ffc4c6312aab8349c5
75ce329091d54aa2fcf6cd6f58704493e0f4ac878279c49db239140051341931
aa5bb63c10ba7512a7f1612ca4b89768023be9fe17bcdf07665ec06640ca242d
b2a788fd71a0f4b05dca86d0b8d44abd718261d0fe9cb2f6a947b87987d11cd1
bac6ef51da1ca402c3cc71dee9ea466911aa1f2d75dcf5f0b31d29ab3350e015
cf4cf0f064bbd1115fdee0971c7ffc9a474984eeda8107040589b425ae1a6605
d12fda0c8cf02474c474c6cbeba40591ba336a7fdf8d3f164493e5f6200f77ca
+ 250 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200713-ps6kwvhkj6/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in Program Files directory
Suspicious use of SetThreadContext
Modifies service
Enumerates connected drives
Drops desktop.ini file(s)
Reads user/profile data of web browsers
Drops startup file
Modifies Installed Components in the registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/25173/

Comments