MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11fc39cf459b554a292a4d4227671f045e5959ecc3e3e13ba1fa06510ac04d4c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11fc39cf459b554a292a4d4227671f045e5959ecc3e3e13ba1fa06510ac04d4c
SHA3-384 hash: c81561e702c220fc2ad828545cd3769be3b66ba25ce50ce17843e42d5e3e2a996149f20878fdb42f5f666b63a86c55e6
SHA1 hash: 179c829d3183207b74357fc8af11554bd557c219
MD5 hash: 7263634059cf044269aec31953e2f88a
humanhash: ten-grey-fix-sink
File name:main.exe
Download: download sample
File size:962'560 bytes
First seen:2020-10-26 17:07:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:1803v7h5czH2A3fqfGDmSX13GDP8c/1x30omuCXo:18AT2qEmSdGDP863ZmuCXo
Threatray 4 similar samples on MalwareBazaar
TLSH 6425238DA7A6FB03C89E15F7A86C01947B3AC1454E53CF1F1485D0FA532F7B18D2698A
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/79436/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/512540
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 305334 Sample: main.exe Startdate: 26/10/2020 Architecture: WINDOWS Score: 52 10 Multi AV Scanner detection for submitted file 2->10 12 Machine Learning detection for sample 2->12 6 main.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/11fc39cf459b554a292a4d4227671f045e5959ecc3e3e13ba1fa06510ac04d4c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 17:07:25 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2d5c8fa975518fd2ce9dbe0ea412b4b2e20f56706bfac1bb58cb527d6b60af14
63e8813f98c05a02ae1c868adf8ca82aabc49e5eadd33368f036440d4116849e
a02ddaa108e3ffefb5b7024adf7190b5eadbd7b73d91f7380aeaffbd01b4cbf4
b24d44a75e9eead799bb3414d25736c73c172184ba580d19397d1fc7cba3aea2
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201026-jwz2grfwd2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/79436/

Comments