MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1581a8d22f0a2261e7daed9ac9ad23948b416ce42634b0bccac485eab1feb80f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	1581a8d22f0a2261e7daed9ac9ad23948b416ce42634b0bccac485eab1feb80f
SHA3-384 hash:	068a8768cb3edc3a6f2b8498610f625d1f7dc6ee76c3316ca00c20cef0a93ddcfbb6afcb4ad1294f85e2fe408278ce3b
SHA1 hash:	13906a5ace76dda72849a439f986653b25f1a931
MD5 hash:	6cbcd7ce9af4ccb2b8c9fbb35f9d7602
humanhash:	mexico-network-helium-network
File name:	6cbcd7ce9af4ccb2b8c9fbb35f9d7602
Download:	download sample
File size:	368'640 bytes
First seen:	2020-11-17 12:37:58 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'665 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	6144:pOr9F44cTXRVdDO/nTQV0H0UEdmfWOhs9/s+wszz/izp:pc+4cTXCTW0F2zP/
Threatray	438 similar samples on MalwareBazaar
TLSH	6474D5881FA88D07C2121E3E0BB9BF39116D4FD91447DBDE69607D162BB6E4A6CC2C71
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

53

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packed.ConfuserEx-6582917-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Launching the default Windows debugger (dwwin.exe)

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1581a8d22f0a2261e7daed9ac9ad23948b416ce42634b0bccac485eab1feb80f/

Threat name:

ByteCode-MSIL.Infostealer.HtmStealer

Status:

Malicious

First seen:

2020-11-07 21:54:20 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

1f1bc6a65867b976dd8cdc00b6519b60b4da65af780f1636c447e5ebca91da96

2eaf25d2c99eb49743060031a22428bb7c8e78a99869638cfe43b977dda57f22

3f44beed7683b961aadd7837ebb51befd88369f5a0bd78858f41ad86f358a99a

41ec47ce62f13677c0c4576c97e299471072aa9ade05670ad0aefdbbd9187fca

a4c035de8a4edb11a8cfaef2f2f8326d8909578cf9d5a5534edd4eb9d5a50680

c9783969d5474b7035fab8eb6acfedd475ec7297cd8042f5a188b21c48b9491a

e9fb11df00c7a833b875f7c68fc6d5ee3edeeac7c63d85fc4897f6aef7596f7c

eea1286b7f160f458a376a7c640b076ac424fa2bdeb8460488715f8989152de2

f550770dcf3784da47ecdcecb159779c46b6a68ca2904b9832f49cf077852c8d

fe19c0cd68bc2cf6045a8a0585ec0ed3f520d4093032f6a05759b8c408b5cce3

+ 428 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware

Link:

https://tria.ge/reports/201117-jg3bnrwdbx/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

Gathers system information

Modifies registry class

Program crash

JavaScript code in executable

Looks up external IP address via web service

Reads user/profile data of web browsers

Executes dropped EXE

Unpacked files

SH256 hash:

1581a8d22f0a2261e7daed9ac9ad23948b416ce42634b0bccac485eab1feb80f

MD5 hash:

6cbcd7ce9af4ccb2b8c9fbb35f9d7602

SHA1 hash:

13906a5ace76dda72849a439f986653b25f1a931

Link:

https://www.unpac.me/results/8a93df47-48bf-45b9-87e2-c87de5e9cb88/

SH256 hash:

d0d725ac912f8c512991b2e9149224dd2cba9b80c6e47183e66bd0b09a91fa4a

MD5 hash:

a7a8bd2ca28520b031f32f886b5bbcb4

SHA1 hash:

207279b9254ae90a7cee06dec3b71b3c94cc2bdb

Link:

https://www.unpac.me/results/8a93df47-48bf-45b9-87e2-c87de5e9cb88/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample