MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5995d49de4242755e6baf1c40ad297f96a797e5a8dfd59ab779d088b84fab6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	a5995d49de4242755e6baf1c40ad297f96a797e5a8dfd59ab779d088b84fab6a
SHA3-384 hash:	050bf9d384037d755fc60b9502db4018786ab20957684c191662d952dca85b9fffb613c8ccdf4c6b1484eeb9f96d574f
SHA1 hash:	cf0d229457d14b098063396c3be1dc014e41e2a1
MD5 hash:	bcb80d230acc50ccdc34c3d5c9a695f3
humanhash:	march-eleven-lithium-nuts
File name:	a5995d49de4242755e6baf1c40ad297f96a797e5a8dfd59ab779d088b84fab6a
Download:	download sample
File size:	55'913 bytes
First seen:	2020-03-23 18:52:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	af7b8813a2e213ad2ed4a1d42c1b2975 (1 x CoinMiner)
ssdeep	768:OOcr4jl8uDNefAXo4Opt08AcQgVslumQkFMdQDWLgnpDTIZkSWgSN6RL1pr6xkSh:Oz4B8uDwfCABHseCfAgnyT/1pOBh
Threatray	42 similar samples on MalwareBazaar
TLSH	D743E191B76DBAB3EE5D0072048BC400F9267D580B3A6F1D649C36BB7E72A539EC3124
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-4

Win.Dropper.Gh0stRAT-6992332-0

Gathering data

Threat name:

Script-BAT.Trojan.Wget

Status:

Malicious

First seen:

2020-02-18 01:38:06 UTC

AV detection:

25 of 30 (83.33%)

Threat level:

2/5

Verdict:

malicious

24d6774c1e91ab5d03b2bc857f8f35534acbc8f4ed8aaf802372588638100cb4

6960d585698d0353194d53afa7c6db5a68386fa8855cefefe9a2f4ce1292b5da

82732e47492148243ee3fb338c93d43b9a9984f39e3409327600cffc5766af1b

bb14728459929940d4a7c6fd636177faacc0a23e4f75e526f12259e78a3853e7

c6b664ffd10c03d085b36bd57b72467b6508ba736e9c8d77182e0d1518b91295

e42d5d1c2c28924044e875a9334b05dea4d0e26a1e36c6411c7937c6464c1786

e97c8416fc63162b69167c2b4f51f82ae6aacc8e4276b76ca5b775ba2ec437ea

eb9a70ac0d1f7c413f10f5308bda81e1da5a9b5bfd2ab7c8d89232eada71c143

edde62496431c693fbd64bbccbb5fbb58338bcd9df1a949712955b110ff8e7e4

+ 32 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe a5995d49de4242755e6baf1c40ad297f96a797e5a8dfd59ab779d088b84fab6a

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/191673/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample