MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4
SHA3-384 hash: 291fbd3aeef5d4d41051bf57d3260fa23c3f8c73f5774c6dc799746584149ffcf8b3471559d5876839bfefb5dd587cb1
SHA1 hash: 6b527fc7232188e3afcace62f625df406af548be
MD5 hash: 1daec173bef2d6c442c4a59db74be63d
humanhash: hamper-hotel-moon-four
File name:146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4
Download: download sample
File size:990'848 bytes
First seen:2020-03-25 07:57:08 UTC
Last seen:2020-03-25 09:32:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4328f7206db519cd4e82283211d98e83 (533 x RedLineStealer, 18 x Arechclient2, 15 x DCRat)
ssdeep 24576:gIWpOjw5Puy21tpbzRD8DOR65HeXhHO2oPy:ZW75RS/zRD8qR65+XhHYy
Threatray 160 similar samples on MalwareBazaar
TLSH 322533F48B20212FC2FAB33995E6505BB7FBE81D97680291F7DF06B3BB101446B52621
Reporter JoulK
Tags:BlackNet RAT

Code Signing Certificate

Organisation:lvgxtgh
Issuer:Ascertia Public CA 1
Algorithm:sha256WithRSAEncryption
Valid from:Mar 21 15:56:02 2020 GMT
Valid to:Apr 21 15:56:02 2020 GMT
Serial number: 19AF023E56B07C102BEC85D1070B134F82974751
Thumbprint Algorithm:SHA256
Thumbprint: DDF2D7DB180B65DA3E10C4E050329B7F0A609D73D4AB0AD92A3AB191D37AF429
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.19953.13380.32495.UNOFFICIAL
Create hunting rule

Result
Threat name:
BlackNET
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/336240
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Frs
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 02:00:41 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
27 of 30 (90.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
138186892d63fe3b0d5f8c62bd3b11737392e22fd5fd68f32dd5612e78a6407c
1466a3a68f3c7f673d4b8ba514bc078fadda4c009f342c077f1d6cb0710d9b72
1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d
1cc84d3c06c9a283218310ac6d69e7161fd7605339b78035747c6f51021475ff
389875d4c35ff8da276f122cb6b4ebd1b1d65ce5da5c05defefaf40c2609dbaf
5a990dc0fd270a6db7f4089bf63dbc1584038e00c6e2acd48e959b6e6fc06dfc
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
c5aa2a24607b845bd3fa1f856a072061ef62831a5dc138eba9e8199c3cc10696
d47f5168e5b3b521b9e2722207e1fcf5be168c8dab409ffd575cba8c08fe1f9e
f0e91f423775ca9ba80077774a4de1a212e890d285bdb587b003d57ba0f68b1c
+ 150 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/12b43f23-187e-4e9e-873e-ae35a9166915/
  
Dropping
BlackNet

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical

Comments