MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2041d3956c7f57faada1dbb321525808811bdd7e3e88ded466296f9e2100fc73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2041d3956c7f57faada1dbb321525808811bdd7e3e88ded466296f9e2100fc73
SHA3-384 hash: 35d786e112b522869184fa195d6ed7e5cf8beef39157add8a57896ea8819bd834185e56debd43d7cb02e8ab275ec5b5c
SHA1 hash: 3521198e3bb64314f3a4e165ce9e6f0be654c88c
MD5 hash: 2f501bae8c55f9fa818547452c032308
humanhash: network-five-maryland-bacon
File name:SecuriteInfo.com.Variant.Ursu.828719.29369.25906
Download: download sample
File size:228'488 bytes
First seen:2020-05-06 09:57:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 768:uy/w2WQoiwcTChOL+B1L/qChOLKB1La1AYc3q+gxdnPKg+:9/wY+OLAO+OLEmb+gx5
Threatray 150 similar samples on MalwareBazaar
TLSH 50242092F24CC093DC5B2FF005E38B4165A27FA6E51084563B4A775BCA7BE11A63B336
Reporter SecuriteInfoCom

Code Signing Certificate

Organisation:DigiCert High Assurance EV Root CA
Issuer:DigiCert High Assurance EV Root CA
Algorithm:sha1WithRSAEncryption
Valid from:Nov 10 00:00:00 2006 GMT
Valid to:Nov 10 00:00:00 2031 GMT
Serial number: 02AC5C266A0B409B8F0B79F2AE462577
Intelligence: 204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.828719.29369.25906.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Browsefox-6628766-0
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Dnoper
Create hunting rule
Status:
Malicious
First seen:
2020-03-28 18:58:30 UTC
File Type:
PE (.Net Exe)
Extracted files:
14
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
1b09e1ef7e44680e2fdd5909dbae73c46ad9d4d007f9ef077acfa102a613f908
27f7e212954191d2fc10676ad69942421e904a5719cb2001149de2bb38c0610f
56af437f8b3b60b32b7cba77fa159138a777a48e98ce0215e8ec6f97ef12b223
60ccdec92b23413b1b5391cb9923931e5b151f0f5877f1f90d730f0fede5f365
62989ab56f11701b109cddf0eb20e995c833078bb40942a8c931589497c25948
b0fedb5fc4232c07ff1161ddcc830cf11596ba2653cc7cea1d5666b4bab1f276
c3f9943448e02e2fdf9c67f35f6997a0f5b647e34b77578c00ff2a05de2f0b2b
c82e87a083563fe978f2f2eee3df1f8807a32c476882874bb3b97802ffca155b
e7521b38818f537f4ffa5eee6a843cfa1fcf4abc848e63d2c7e8402081f75c82
e9b2559e5ba7876b670ecced318041832ffbf732cf41eec6961059d266db7846
+ 140 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-eetptjtdpn/
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2041d3956c7f57faada1dbb321525808811bdd7e3e88ded466296f9e2100fc73

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/358634/
  
URLhaus
https://urlhaus.abuse.ch/url/358742/
  
URLhaus
https://urlhaus.abuse.ch/url/358743/
  
URLhaus
https://urlhaus.abuse.ch/url/358744/
  
Delivery method
Distributed via web download

Comments