MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jigsaw


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763
SHA3-384 hash: afe991d9b4c957152bd16216a9c28832c0aa133f3a39cfe9d3e9c8163420a98148b8c268a254f669a942d93b997c6986
SHA1 hash: 6000969e75d7d7a3fa1b908bdb9d5daeb5f2534e
MD5 hash: 2fec9bf50de5395f799b23a1099b10d6
humanhash: floor-johnny-mexico-ink
File name:rBlbqI2.exe
Download: download sample
Signature Jigsaw
Create hunting rule
File size:298'496 bytes
First seen:2020-05-01 14:11:30 UTC
Last seen:2020-05-01 16:47:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9dd8c0ff4fc84287e5b766563240f983 (3 x HawkEye, 2 x Jigsaw, 2 x njrat)
ssdeep 6144:pdSK04ETTZ+4TBpvjLCnVlBpevKBauJirVuD05VSKJ:poL4EnU4T/vjLeVlayRihuA5D
Threatray 159 similar samples on MalwareBazaar
TLSH 8954D02035C0C1B3C9B6153044E9CB759E7970350B6AA5D7BA9D2BBA6F213E1E3362CD
Reporter James_inthe_box
Tags:exe Jigsaw

Intelligence

File Origin
# of uploads :
2
# of downloads :
2'246
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.15177.25733.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 09:17:47 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
30 of 31 (96.77%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=34cj5672plalo3env725pewfkdd2pispn2piq7ibuaibhsoku5rq._file
Verdict:
malicious
Similar samples:
0874efe680cfb9ab53997e6f4b5e1159d1d4d51f485a6845fc90cd03d10ca29f
Jigsaw
38cab7aaec4c38fcb5a56b1006e584c329513147d22738258f4428c2568d92a5
Jigsaw
4a8a8d8faabf6613961d6317ab29f33a81a47fbce80e288970fe96e1f67246a6
Jigsaw
4e95bcf9cf3ddc47f0ac38cf8657a7e4e136e6204dff183aa302263280cf9c48
Jigsaw
52f1036c20ed23f457be56d231119ad5471564e4095ffd0cc9d614fa89ef9356
Jigsaw
55b9d7cc4b318717f3c48239616132442ee5815c4897d3b154444b825b44657b
Jigsaw
65b904f1a835b7b95e8644177287c03b1eae3a75432dd397347c7416be0ce253
Jigsaw
668c31c58c0816f31b863d088cb88ff43f7c69aeae0e21734f96dd9a5992a872
Jigsaw
82df2d9ba67f275874caca138baea0b54e90ffd727d561072243a9d9026569ae
Jigsaw
d74a4cdc37bedadf721932a6118039ab332781ccbb8f00d9c763da4602ef6fda
Jigsaw
+ 149 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/355534/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleA
KERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileA

Comments