MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07599c2094171db70e00c3f917808769d676b406b7c6842ed75cfbe2186e044b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07599c2094171db70e00c3f917808769d676b406b7c6842ed75cfbe2186e044b
SHA3-384 hash: 60932926b77ff0fbb3b0416a6b2f09a66fe0d54201fe90229d288d60ca8e8008620eae4bcf2f02085b3cce01b3a6ec75
SHA1 hash: 7d0211ba92a9f1131c982298bb6230fbc42178a2
MD5 hash: 85b2601da3f35378c8d9734a956be760
humanhash: snake-fourteen-sixteen-papa
File name:SOA.exe
Download: download sample
File size:1'080'832 bytes
First seen:2020-12-17 06:45:55 UTC
Last seen:2020-12-17 14:19:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 12288:eQ7S2vxyCWslmy/jT+D9eR0YyuddxGFElI4KQzMvsgkswTWZl6qINAE6t3K/v8pC:eQmTMRFjdHDsmKsLpqINAEw8N3
TLSH 7B358C2436E95B19F137EBB956D4758587FAF633A316D45E3C9102CB0622F00CE92E3A
Reporter cocaman
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SOA.exe
Verdict:
No threats detected
Analysis date:
2020-12-17 06:59:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4b124629-7b95-46d8-aef0-d1b5ad96a193

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.474.22569.5072.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/564970
Signature
.NET source code contains potential unpacker
.NET source code contains very large strings
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/07599c2094171db70e00c3f917808769d676b406b7c6842ed75cfbe2186e044b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-17 00:59:20 UTC
File Type:
PE (.Net Exe)
Extracted files:
27
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a5mzyieuc4o3odqayp4rpaehnhlhnnagw7diilwxlt56egdoarfq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201217-367dq6qafx/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
b44c084d6d0cccf9a32d90500e249bb2735cf5cca82a5c475b8b6a4fdfd42b3b
MD5 hash:
8084b5c94eab5ffa29eefd164cde4013
SHA1 hash:
06e8618d22a6671dd23707f05a0611c1cc344ff5
Link:
https://www.unpac.me/results/5dafe8f9-bf0b-447a-bfee-e8fcd2bd63f9/
SH256 hash:
07599c2094171db70e00c3f917808769d676b406b7c6842ed75cfbe2186e044b
MD5 hash:
85b2601da3f35378c8d9734a956be760
SHA1 hash:
7d0211ba92a9f1131c982298bb6230fbc42178a2
Link:
https://www.unpac.me/results/5dafe8f9-bf0b-447a-bfee-e8fcd2bd63f9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/07599c2094171db70e00c3f917808769d676b406b7c6842ed75cfbe2186e044b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar ebe6262a7c37818d945735f54581322ee10a1d86a2aa1dff3a0b3db8aa1f294d

Executable exe 07599c2094171db70e00c3f917808769d676b406b7c6842ed75cfbe2186e044b

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 ebe6262a7c37818d945735f54581322ee10a1d86a2aa1dff3a0b3db8aa1f294d

Comments