MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13bddc242c2435f18b5d7a188ffc824c3e69162df0a972e701b2d1faa9065bcb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13bddc242c2435f18b5d7a188ffc824c3e69162df0a972e701b2d1faa9065bcb
SHA3-384 hash: 64e51786e455ec73491b3dde48ee29acfac8d1dba38d4ba5a7936c48fe9d82b224a947ae6ded7ea114f26ed09e1a7778
SHA1 hash: 3f1eacf20941b10f3cd25aa8e7b83916de0984ba
MD5 hash: 9204064a80f90008a534adcc1c093d0f
humanhash: nevada-arkansas-nuts-oregon
File name:PPO040963RG02 LYNB.exe
Download: download sample
File size:936'448 bytes
First seen:2020-08-13 20:05:55 UTC
Last seen:2020-08-13 20:39:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'473 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:VoEprfMdn+KAi1K6le5gHvDYKcW7nYkK03v/py5j03Mk1cwOOaUqXBzF54AuB5:Vo8fMR+KesAgkmjFQjEMkWdUeP4T
Threatray 6 similar samples on MalwareBazaar
TLSH 4D1512153FD54928C2F68BBCE0A1B9242338794CA92BD7492C64BD4F34BF3E45911FA6
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45403/
Detection(s):
SecuriteInfo.com.Generic.mg.9204064a80f90008.32083.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
25 / 100
Link:
https://www.joesandbox.com/analysis/427556
Signature
a
c
d
e
f
g
h
i
L
M
n
o
p
r
s
t
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 266339 Sample: PPO040963RG02 LYNB.exe Startdate: 15/08/2020 Architecture: WINDOWS Score: 25 10 Machine Learning detection for sample 2->10 6 PPO040963RG02 LYNB.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/13bddc242c2435f18b5d7a188ffc824c3e69162df0a972e701b2d1faa9065bcb/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 20:05:20 UTC
File Type:
PE (.Net Exe)
Extracted files:
19
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
3a401149f225ae5e95303480b98a80c0374ca1e4589d15ac79aa2b2a646f66e2
3bf9eb8aca2fb463e00a2b2666afe723f88d05a3851319ca41caa5efa12a363d
5404f329ed837bd8c8f109255711f9a8d7f5e0b05ea6e575408473834a5088bd
706c3e2ae6ed72040ab9b9c9d7918a24368288480d487e86fcc1731114656e78
b6c0b0c1a9637ebc1fb2944ab47cdbd039b29dbf7d0e979769d6d5c209a8f01e
dd900ac5b1cf790395caf7e5f5a773b0abae32e9e9314b5cb943b261e18e2b92
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200813-mvs18wygx2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/13bddc242c2435f18b5d7a188ffc824c3e69162df0a972e701b2d1faa9065bcb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/45403/

Comments