MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02877c1523986e1fbb50da0a828df2da4aca704d7de19b11c9225e5befbb0572. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 02877c1523986e1fbb50da0a828df2da4aca704d7de19b11c9225e5befbb0572
SHA3-384 hash: 90f0510f7d0d5ab812a096800b4cb476b8a6ebaa04a50e84976d30630db22769406eae758e0af811f2958d5f588fd915
SHA1 hash: e247e980e8fc129025a2e64ad72b4bc163284cca
MD5 hash: e5383f9ff78e1af6c83f00f618d027c5
humanhash: chicken-burger-papa-sodium
File name:SecuriteInfo.com.Trojan.Siggen9.59975.9415.12682
Download: download sample
File size:605'184 bytes
First seen:2020-07-18 11:53:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:KrMnqjzGYIdjMxMSo15GXacXYp3uyAjrMnnm52k4zUwOyI1:KrvxguwcLjrH
Threatray 56 similar samples on MalwareBazaar
TLSH 6CD4C6F79B4D82C2C4AF9EBCC48207610997EDC5F0F5A60B03667C363676BA0D88556B
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27701/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.59975.9415.12682.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/388644
Signature
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 246495 Sample: SecuriteInfo.com.Trojan.Sig... Startdate: 18/07/2020 Architecture: WINDOWS Score: 56 20 Multi AV Scanner detection for submitted file 2->20 22 Machine Learning detection for sample 2->22 8 SecuriteInfo.com.Trojan.Siggen9.59975.9415.exe 3 2->8         started        process3 file4 18 SecuriteInfo.com.T....59975.9415.exe.log, ASCII 8->18 dropped 24 Injects a PE file into a foreign processes 8->24 12 SecuriteInfo.com.Trojan.Siggen9.59975.9415.exe 1 8->12         started        signatures5 process6 process7 14 powershell.exe 1 12->14         started        process8 16 conhost.exe 14->16         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/02877c1523986e1fbb50da0a828df2da4aca704d7de19b11c9225e5befbb0572/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-17 11:24:22 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
015da4d338b5ccb6a5ae37b29a30bdd80445280746011616535a26c60b4be0bb
540a1ab8a63b1b07ea3d80939868a94dafb79f6e2fc37a8a2cc22ded21c60deb
750fad3db3f495fec07ac204f7e3717e75324ea9beed2fce1c48350015b888c5
8aef7422bb8ccc4560fb78875a0fb5d4644108a905febacd2b609012930e5744
8e4b63db4255d1428f0856d7e89ab1c147599416d8edd4e4e506d3f0420d77a4
bac48e9a9fad6c9afa0387fe592bb1eabd56cfbcbffef2bbc765e32de2846478
d5151bd37aa74ce1a5782e72bf26630f2df07f1e7cbeb42f45aa2f49645c35a8
dd0b44aeb504ee47ac61b86d092f14b7f3955b76c4b227458237acc4c9f55663
faf1dca0b043816dc1a448c778e8fc03030add15983e04a7cc39851297615c4f
fe7d67f2ca207d604740c8e66d22638049ca8a0c40818ad9f1d8515d6912f16d
+ 46 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200718-d4qqtqj45j/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Windows security modification
Contains code to disable Windows Defender
Modifies Windows Defender Real-time Protection settings
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/02877c1523986e1fbb50da0a828df2da4aca704d7de19b11c9225e5befbb0572

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 02877c1523986e1fbb50da0a828df2da4aca704d7de19b11c9225e5befbb0572

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/414728/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/27701/

Comments