MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c74ee33301b9e985ee7f8040f12678fff3743fc250cc04230e54a2150dcc642. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c74ee33301b9e985ee7f8040f12678fff3743fc250cc04230e54a2150dcc642
SHA3-384 hash: 47d7ab0aa027e2bd30dc0d2573bcbae4e9658f65a5e052f6d66b78769fc43e2c808b19b7f34dbb1366427afb26d3a92f
SHA1 hash: e81fa91465688002f9dfb005cd69c5c6288304e2
MD5 hash: b3fd1c2fb236729651c04569501738cc
humanhash: neptune-pizza-tennis-queen
File name:SecuriteInfo.com.Trojan.PackedNET.278.8749.29398
Download: download sample
File size:209'408 bytes
First seen:2020-04-16 21:35:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:QNdORq8LpYE4WUXHZJ1ziWxKbCsmrgIYausq:QNkQ8tYX5H1+WxLgIYj
Threatray 826 similar samples on MalwareBazaar
TLSH E424F104169C573FEA8C49BA9863D28647F8D52931E6F356AE1D10F20D477FC9A0A3E3
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.278.8749.29398.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-16 17:02:14 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
2331837cf27d223a23b000cdf14f026c383a628ae69d516726b19fcb9424359a
29136bdbff007062bd56998337f154321f1ac1414cd2e45ca13b48e2c3d7f312
365759dd03965a10bfb50c17454055b0272a0cf33b78aa78441ab6cc996e1090
41103f32f247ba744a8fbe17deac4bd26aeba323f3161e44adc35f8dd81ce4d3
5eb9ca5476eb4c9c83bbb5d6bbb7ff90474749121e2e063bbd9e988c4e4917e2
77642de174198cae37f2b0ce29eb087f138800df44a79bd0e589962e9fc64e36
7d4ece884460b1bf17b3de45eaea64b28f2bee38e8e29265816d33f134873886
8425c75594dede14f2b9c7810e6c8824c7666329eee6866beed84e1f7674bc70
886abe57efb7bac7a4de25e009e8b89d314e6737ed3b10e29c8cafb9206c651b
91236da59c95dd764f85a84297238f215ef0cd3d0fbc37f2a2f15d2f302e2dfd
+ 816 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1c74ee33301b9e985ee7f8040f12678fff3743fc250cc04230e54a2150dcc642

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/341680/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments