MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af236b3d6567de1dd3f6a5f63c6c9c85bff92fd15e86319cf589f71444178e33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: af236b3d6567de1dd3f6a5f63c6c9c85bff92fd15e86319cf589f71444178e33
SHA3-384 hash: 6f1430e939ca60e642e99e65d6a34d0e7050f90a3014f0b10ee04e45d6417f1b77142f295518906081e8b940470ae0e4
SHA1 hash: f2fd284b128b938c653036e77ee448b5570b63fc
MD5 hash: ba099767867096f4ba4c3c9f525f05ad
humanhash: bulldog-enemy-sodium-kilo
File name:Re New purchase order 17426.exe
Download: download sample
File size:363'520 bytes
First seen:2020-04-27 13:31:51 UTC
Last seen:2020-04-27 15:14:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:mkgglHboEJFzqeKE1QGYnSbL/ARr2u8mWQxm9UhA2nUjMqyFjmN2xQVVS9y3auoy:v/7Z7P1QGYnSPYFNKUAuUjrN2xoL3au
Threatray 5'097 similar samples on MalwareBazaar
TLSH B574F18D732476FFC8A7C57A8AE41C14EE61E0B7832B8347511755ADAD9DA8ACF040F2
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VQE.9846.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 13:31:34 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v4rwwplfm7pb3u7wux3dy3e4qw77sl6rl2dddhhvrh3riraxryzq._file
Verdict:
malicious
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
6b532b192afbefc2bcd83ccd84517f4db88ab11916149725fbe3156e2fb87e39
a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
cf43cf001b3d13737742128ccf4916e2275fbd1ee0270b884a1d3dbc360f962e
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
+ 5'087 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments