MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcf6e06fa10585d1f58a3f85a65840503b588cc7909732205b70f71fe9950def. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bcf6e06fa10585d1f58a3f85a65840503b588cc7909732205b70f71fe9950def
SHA3-384 hash: 2f05ed46349e58b416c36cfe106a805cbf7fa7c8bed5bfc05525ee8740c16ebc3fe14dd01c2a38f13548d56fd705b32f
SHA1 hash: 39b7ef46c6f49e5def960a2b305a4652473c2d58
MD5 hash: b7273a87865f1a0628b15b97c8f96b35
humanhash: double-comet-eleven-high
File name:Stub.exe
Download: download sample
File size:48'128 bytes
First seen:2020-05-01 15:19:32 UTC
Last seen:2020-05-01 15:55:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 768:gobeMrRztm4GN5PN413wRCn1OCDyjb5gr3imAhgi7YwbClZd2tYcFmVc6K:gobeMrdDAUVebWrSB7P+rdKmVcl
Threatray 298 similar samples on MalwareBazaar
TLSH 8E231C1037D8812AE1BE5FB85DF26251867BE2633603D94A3C8811DB5B13BC69A426FD
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Ursu-7731814-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Crysen
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 15:19:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Verdict:
suspicious
Similar samples:
0ed397f068e9ffac40486cc83ff5eeb06df0e2b504eb3e5bfdb2acc43c3c98f7
1d0d8c5370adf00c6dfcebcd398685e53871c2848d6241854cf338149c2bd7c3
243f707f1d8eabf197f836f4e87426bf3f2619ab74a089e15ed8182e74752dcd
2bb06f09556b4531015208c97a20dd3b56d6b82b2d3f49a353dc65be55da4623
5d3458557fbbbb90d173421d121a336cda9d4af770eddf393f7c3705fca4862a
6b09f1cfc05625cdd9c328e7ac8c67ade7fcc234cd0631999d8996b54c3da722
92bee9898c4a67a5fe3a209982221c240bc96627ee3fac96369eafa443bde986
ac016f9b1592fb93fe1117f2a2e20b383944828d649f1ba33ecf831a78537b78
c54b60f2101b09c68669821453bf68653d2bcc7b9030a13edd5486a387a11cab
e678a72b6f30f69daafd945543d4bb3e58152c37f8a7b883ce96b9ddf1c1c482
+ 288 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments