MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06e874e4445834d151626e6c58ecd69d10373ba4c8b5b566dd10129acdb11065. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06e874e4445834d151626e6c58ecd69d10373ba4c8b5b566dd10129acdb11065
SHA3-384 hash: 56f7ab82dec47c854175805761588ef736c90cedf5525f6da3617df97497eeb96196dd3e6cbed314c9ff0830467b3588
SHA1 hash: f032e511c205142cdecee9b0ca652e862b2b4805
MD5 hash: a2510a128c72b710ceffe5216685ffab
humanhash: may-solar-black-four
File name:a2510a128c72b710ceffe5216685ffab.exe
Download: download sample
File size:19'456 bytes
First seen:2020-12-14 07:58:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'602 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 192:jPeoUzWL8dnJDwxYIKnJfXKnJXeOyDnJaZKnJ9tlKnJzYT+DnJt1KnJD6nJ6IoZb:eN8p3Vf/Ykt0elBHJD+eSsU8CY2f
TLSH FE92F73673FA9339E8DB17B094B981108670F1A26A12DB5F7CC852835BB37D61683793
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
161
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a2510a128c72b710ceffe5216685ffab.exe
Verdict:
No threats detected
Analysis date:
2020-12-14 08:00:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fdc60823-7c55-408c-b54e-1c86b44262c1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a UDP request
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/561851
Signature
Binary contains a suspicious time stamp
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/06e874e4445834d151626e6c58ecd69d10373ba4c8b5b566dd10129acdb11065/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2020-12-13 23:39:33 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  3/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201214-lhszp3f5ja/
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
06e874e4445834d151626e6c58ecd69d10373ba4c8b5b566dd10129acdb11065
MD5 hash:
a2510a128c72b710ceffe5216685ffab
SHA1 hash:
f032e511c205142cdecee9b0ca652e862b2b4805
Link:
https://www.unpac.me/results/bc3d8dae-8644-49af-ac87-4dc48a086b93/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dropper
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/06e874e4445834d151626e6c58ecd69d10373ba4c8b5b566dd10129acdb11065

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 06e874e4445834d151626e6c58ecd69d10373ba4c8b5b566dd10129acdb11065

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/896394/
  
Delivery method
Distributed via web download

Comments