MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8c07fc0cc1addc3f25623ac872703d2c10ae5e8fadc7370e13b4162e063a376. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8c07fc0cc1addc3f25623ac872703d2c10ae5e8fadc7370e13b4162e063a376
SHA3-384 hash: 3b0186baa2101aed4585301b0ff7315de0a3a9f560b5c66be3cb74a2db0a6409948f8861011942ba947d9705b3b3c3e9
SHA1 hash: 3c07a739d45a4f8dbad327b1b9c51daece9c8aa0
MD5 hash: 70e231bf43e1543a8549d225cf99d365
humanhash: kansas-harry-twenty-pip
File name:d8c07fc0cc1addc3f25623ac872703d2c10ae5e8fadc7370e13b4162e063a376
Download: download sample
File size:889'086 bytes
First seen:2020-06-03 09:29:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep 12288:zYV6MorX7qzuC3QHO9FQVHPF51jgcH3DOkj/aOODtPPGbp0mIE5wXWMPWqNw3yTi:wBXu9HGaVHXDx/dmPPGbpeE5wT9ZvM0c
Threatray 1'107 similar samples on MalwareBazaar
TLSH 921512813BE68876C4F22331943A98E019317C60EEF4A35F6748F71E6431E96D86677B
Reporter raashidbhatt
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-48
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

Win.Malware.Generic-6961740-0
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 17:18:28 UTC
AV detection:
39 of 48 (81.25%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
137b5dc137f3f0c5bc3d4e1cd1f2396b33bd5b87291f72013a98b319c130b451
2db7aa7291c73bde092cd4cc8af0aff7eac7245ae5b034d8bb8810c76d85cd91
36e5646b2622d4c47947fa54a8f35c1c9d91db60ce3116e352f9f93b8a9f3ada
4249d6f93c374bf9199c33bbc49f57c1d1dd983e8c6356b5ed8739d326683c77
517e1659c9d9ee4de266b3ade2d06965b670d17082ae2c2c97b4c694bb29152a
5f829ed079ce3010fb99eca5ee356e2ffc5ab62cedfb2683ac5ac76a66fb3ed1
908959fae28ad03836fb12b94a9a2f80981ec15f6481c230b9108f097edeb176
9dc8d8533e87fe22f98fb67f8705e14e93a8eeb5da355dc15251e03837334162
c5aa2a24607b845bd3fa1f856a072061ef62831a5dc138eba9e8199c3cc10696
f428cda5f99c3961bb5532cd38f6c512cffb2a6dfc30865897e52d838c7cfef2
+ 1'097 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/201109-98nh9qpvta/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops startup file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments