MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 163a19745922153c4781106ba91e0823a6d58b41496dac72fdd68feb59120319. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 163a19745922153c4781106ba91e0823a6d58b41496dac72fdd68feb59120319
SHA3-384 hash: e207f00d421b19c6eee8c8c42c56b6513a9e872ca7655ab2ae8d9b7142b20d9229f9b576486b70547fbfca6dcf717989
SHA1 hash: 7ff7ccf2a76fd41c817f550c002bc08cbdab4a81
MD5 hash: 62141f50a061f3165689634a69781c3a
humanhash: beer-carolina-fifteen-california
File name:SecuriteInfo.com.W32.AIDetectNet.01.24943.13995
Download: download sample
File size:520'704 bytes
First seen:2022-06-02 22:29:26 UTC
Last seen:2022-06-03 13:30:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'753 x AgentTesla, 19'658 x Formbook, 12'249 x SnakeKeylogger)
ssdeep 12288:CQEBVMzw6EN6+L+GTKbsIwPnhtFvrNmFvdLCDp9r6VQlBXK307i:CfEzNEN6+6GTisICnht1hmFvds5
Threatray 22 similar samples on MalwareBazaar
TLSH T106B4DF22F68B5667F23ED935CC61D57896A9BC47BA13E56B0DC5AECF30E1C01891302B
TrID 72.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.4% (.EXE) Win64 Executable (generic) (10523/12/4)
6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.4% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
367
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetectNet.01.24943.13995
Verdict:
Suspicious activity
Analysis date:
2022-06-02 22:30:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c3dc339a-cbf4-4c9e-bd6d-127384d0b926

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/276390/
Detection(s):
SecuriteInfo.com.W32.AIDetectNet.01.24943.13995.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/629939edb5fe347d254ecf7c/reports/398f9bcd-c645-4354-8347-efc8e7ca1a70/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/02873459-1477-442d-9b12-48db33b329f3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1006003
Signature
.NET source code contains very large array initializations
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/163a19745922153c4781106ba91e0823a6d58b41496dac72fdd68feb59120319/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-06-02 19:06:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cy5bs5czeiktyr4bcbv2shqieotnlc2bjfw2y4x522h6wwisammq._file
Verdict:
malicious
Similar samples:
049e9d7752ac8d5e6fe2aec24496009f7f6150c5a26f1291a3d01f3a77030a8c
17d984aae36806be8dd97d160c9e108bb83024f9edbbeed29d6125247cecd161
204313463b8d3b8642a66b2a85aa84ca77282eaede85ec9f532ce6c92ce762ca
3ebd890a91aecc363eee5d72c410ce016a7eadc2c5226f7ee6f6d8df6bb07ee6
43d67faf7cda214582b73174219019fb01775a839d494221f92c7e63a8070d23
80d7bee80bb433d5abf96e8ec335f07034e97d0cd95c09ae94777bbd9c83cc14
9c8ee363307d912a2dd08c563f0d9439f1041fa086cbd4920af922dded29e68d
f595ec0d00cc7f84b6eab5f191ad27a1ca06a90eef719ed0242d0e0fece43302
+ 12 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220602-2er5fafgcq/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
163a19745922153c4781106ba91e0823a6d58b41496dac72fdd68feb59120319
MD5 hash:
62141f50a061f3165689634a69781c3a
SHA1 hash:
7ff7ccf2a76fd41c817f550c002bc08cbdab4a81
Link:
https://www.unpac.me/results/96546765-7d47-425f-a557-fa49d2fcd926/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/163a19745922153c4781106ba91e0823a6d58b41496dac72fdd68feb59120319

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 7a4515764cc559fd9f2accce5a4db0395f53850b4107db107f7ab98df01630c6

Executable exe 163a19745922153c4781106ba91e0823a6d58b41496dac72fdd68feb59120319

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/276390/
  
Dropped by
SHA256 7a4515764cc559fd9f2accce5a4db0395f53850b4107db107f7ab98df01630c6
  
Dropped by
MD5 c1460f7eba0f95c6a2da4869960ba2e9

Comments