MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272
SHA3-384 hash:	3d2dc207d1930d4302ab4c99a8421e1f16a160ed591e46fff480452825ab0d8db587d0407d2e498eb9b9c1889cf09dee
SHA1 hash:	958e4c23f9a4387f11165f2534347dbd43010d80
MD5 hash:	40447a9f2376de63982646d8df22fb55
humanhash:	romeo-social-oven-grey
File name:	Build.bin
Download:	download sample
File size:	3'636'736 bytes
First seen:	2020-06-23 09:37:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	afcdf79be1557326c854b6e20cb900a7 (1'102 x FormBook, 936 x AgentTesla, 399 x RemcosRAT)
ssdeep	49152:qh+ZkldoPK8Yahamthw94PNgX4h0mM8bVZSY886fynFkzOhFYg0NNT+lxkGvfME4:j2cPK8iEC4Pu4M8nBFkGUTJGv0E6
Threatray	869 similar samples on MalwareBazaar
TLSH	D2F5120273E5D036FFAAA2735B6AF24546BD7C654133852F13982D79BD701B2223E623
Reporter	JAMESWT_WT
Tags:	Masad

Intelligence

File Origin

# of uploads :

1

# of downloads :

287

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Predatorthethief

Link:

https://www.capesandbox.com/analysis/12942/

Detection(s):

Win.Malware.Autoit-7013875-0

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272/

Threat name:

Win32.Trojan.CryptInject

Status:

Malicious

First seen:

2020-06-23 09:39:04 UTC

File Type:

PE (Exe)

Extracted files:

22

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

23ef17c8a9fbcb6c35549aff9263566bec6e3fbc61e6bdfb9715d2595a1ee003

788439bb46a147272e39cdd6a8a8ecdc68dbb3317e4d058526d6feda09d64613

a38f26190f844b13a2bbb8cbecf4b57bf109f78b665e34b8164882d8d2cdb6ee

b254d7faa603b46c4c63f6d1f88d65767fb80638a000967fe527b9572b956e35

bcc007773b48459b0b8b0fc4c47d621f65a178d297517486f78aec91d5dc1a87

c1f0ba6302099b8f7ef1ce28a333764efdd308cccc761ba4fcef2af386f13090

c2a69374fa77ae7fa54914c3ae95f0741ca0a17b09550f95afeed9303e2aa76a

cf59115a8711130953d2ff02b54b9aab6fd1dfd3a485eb8b1b36c687d8c855c6

e0304dda8c6bcd6e6987441aab472a1bdaf17efb0ef9906b15c33fb59042e257

e942c853f791a2ebd37ae59344bf8878d9a02cdcb83848a68876c49497c642d2

+ 859 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

evasion spyware discovery

Link:

https://tria.ge/reports/200624-jjvj4c9nvn/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: RenamesItself

Views/modifies file attributes

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Drops file in System32 directory

Looks up external IP address via web service

Checks for installed software on the system

js

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Sets file to hidden

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/12942/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample