MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06eeeac97751699903c4751be6fce5d4d453e25830e8a02cc118f41d592308c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Hakbit


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06eeeac97751699903c4751be6fce5d4d453e25830e8a02cc118f41d592308c9
SHA3-384 hash: 50501ca652436a605d09ebfa066061f58179272d0ab05751b9ba1fae142ca0ece12817831cb8319c6d518fa590842cef
SHA1 hash: 8eb96bc013f1c8574f2b6bd09302620de712e225
MD5 hash: e6943e055abe0f889783d381065c3587
humanhash: butter-mango-jersey-minnesota
File name:06eeeac97751699903c4751be6fce5d4d453e25830e8a02cc118f41d592308c9
Download: download sample
Signature Hakbit
Create hunting rule
File size:14'697'344 bytes
First seen:2020-06-29 10:14:20 UTC
Last seen:2020-06-29 10:58:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 393216:jmWB75kT0K/Kmwg9Fib87z7EaO2okaav3w:yW7k1KbgbigLEjSHv3w
TLSH C0E633C988417A08DD7D05F166F1CDF840793DA6E1B4A0262111FCAFBCB6AE5C86897F
Reporter JAMESWT_WT
Tags:Hakbit signed

Code Signing Certificate

Organisation:Avast Software s.r.o.
Issuer:Avast Software s.r.o.
Algorithm:sha1WithRSAEncryption
Valid from:2020-06-20T18:30:36Z
Valid to:2022-06-20T18:30:36Z
Serial number: 825c31132fd892aab89f5b006e22632b
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: ba807998873e170100db82db155b0c266ce8882bcb2e9987c99f969ddc799a48
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'859
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Browsefox-6628766-0
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/06eeeac97751699903c4751be6fce5d4d453e25830e8a02cc118f41d592308c9/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 05:54:04 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a3xovslxkfuzsa6eoun6n7hf2tkfhysygdukalgbdd2b2wjdbdeq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200629-tb3z1g1tja/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments