MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f9626653c8358d4e8315b97feafe2ed604ff67a9a159d47219685b2e15c1665. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0f9626653c8358d4e8315b97feafe2ed604ff67a9a159d47219685b2e15c1665
SHA3-384 hash: 11f883203f3c6630a661c75b2bddf65b8917c5e8a3b94506539b87465ba83474112c11a5b34152e458edbecf532bac60
SHA1 hash: a61c43ab3544a8ba53661de212741cb9368cdb9d
MD5 hash: ea88caee731920b390e588b51caad38f
humanhash: utah-football-winner-foxtrot
File name:SecuriteInfo.com.Trojan.Siggen9.53721.11492.17139
Download: download sample
File size:2'439'784 bytes
First seen:2020-06-25 10:52:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 49152:JXemj8mPRNhtIONSS78xUWaT0Y/NVaVjJFsSE2z7ZVl+C/4ZOjpUMji:d9j8aRNhtrRZT0Y/jYEK7ZVlsIjpli
Threatray 1'143 similar samples on MalwareBazaar
TLSH 03B523C1D189EDB1D41B11BAAD3BDD10262BFE5A82B48A1B354EB42955F33832137E1F
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14203/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.53721.11492.17139.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0f9626653c8358d4e8315b97feafe2ed604ff67a9a159d47219685b2e15c1665/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 13:02:40 UTC
AV detection:
38 of 48 (79.17%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1d21886bb28a6dfb2f331cb95cf7b74dbb5ae79dc70bbcd7451f15afd53999e1
39067a6a8ac06d60189b34afbb9acd73e8e33aba91653c39a037c2f78f972f29
500ae25cf76e0cc069f42128aeb1a96072b6d0281a6ed2ff6d0b0a26b4e9556a
6b8bf8c2cdb85f131adedd2f3a622e0d24516f2da61643957ea12dc559ba78c9
73cc33d200ce22012733ea7c3fa8d03ef3ea65164497314d7d05b2992892d4e0
a4315c283bbfdb4d8272f5f490346ccd13071e732a8a6f710d900f556de752de
e1c2513c906bb4f53b2ea2ec8fc675000e5a49daa84c35a2963c63148187a25e
ec9d801b120855fe926902234e77c60d5a0c8a115a977fe49e6b6b1539e0db51
f0caa55fec8b5afbb9799bc2bcd8d965ef420e1138e38ef94c65a6a2037042a3
f2535caecce2737920213eb3f84ad8f9cb783d4562303bfad9bcdbb7749d1c01
+ 1'133 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware evasion trojan
Link:
https://tria.ge/reports/200625-ab2sxtm182/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops Chrome extension
Modifies system certificate store
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/14203/

Comments