MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee86f083fdb8d5e2f4d1d609faf964fa08a01875bc0abb364aeb09bb83c35f8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee86f083fdb8d5e2f4d1d609faf964fa08a01875bc0abb364aeb09bb83c35f8c
SHA3-384 hash: 39349b66431748228ac2f28257bef37c363e4d82c95bd03ecffc3e40dd43a12edb96ef6077930e275ee7a186b9579584
SHA1 hash: 5771c14b21d643b60f190460e4f47840e854e996
MD5 hash: d016865efa860609b5fb5ece4b78dd5a
humanhash: jersey-island-zebra-magnesium
File name:ee86f083fdb8d5e2f4d1d609faf964fa08a01875bc0abb364aeb09bb83c35f8c
Download: download sample
File size:5'778'148 bytes
First seen:2020-03-23 16:18:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b28c641d753fb51b62a00fe6115070ae (1 x Sality)
ssdeep 98304:w3Lmqp1B1XgZididUvXMGHbJDPpvJHnzBdhJLwJvnqOIN9WNM6RfGVhHzlr/Alu6:w3qqpWZRKkMfFDRgnB2WTtyHBlnB+
Threatray 4 similar samples on MalwareBazaar
TLSH 1B46E020E542D131EEEA08F592BD5AF259684D08772B70E3A4E878C4C6B35F2367D35E
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Pistacchietto-7150582-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Frs
Create hunting rule
Status:
Malicious
First seen:
2018-06-27 15:09:04 UTC
AV detection:
22 of 43 (51.16%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3
52f137c22685d15df043daabdb9c823e07ecec4df42bcc2fa2c5bd45913d32ea
9b6c23ee51101f9e2542bb697e7b218e0a57d51ac6b577998cba351581aa7491
e6ff6d164a876c50bfc4a6f7b6397914f9656d0e4aef1ceba65f1e92ed1b6c69
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ee86f083fdb8d5e2f4d1d609faf964fa08a01875bc0abb364aeb09bb83c35f8c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/143328/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileMappingA

Comments