MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21e80aeaf1cf8f6fc402adbe6dda4801da9f5b57bbf3844692004a5c97d46335. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 21e80aeaf1cf8f6fc402adbe6dda4801da9f5b57bbf3844692004a5c97d46335
SHA3-384 hash: 3436713c69de1c61c6b8f0df3438814769b2844e130499aa0c987c0536f9cc2648929732490da26ccefd753781a1fef1
SHA1 hash: 68a6ea8025f450d0a88dff3452e4c8d319a0323e
MD5 hash: 07890ebfdb722096110a65a3019b05d9
humanhash: winter-comet-seventeen-monkey
File name:21e80aeaf1cf8f6fc402adbe6dda4801da9f5b57bbf3844692004a5c97d46335
Download: download sample
File size:126'449 bytes
First seen:2020-06-17 09:33:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'649 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 3072:XVS7HeUlNLBI4tJqCt+9b9pEdNzCoIAk:l2H1HLNtK3p/rj
Threatray 853 similar samples on MalwareBazaar
TLSH 23C3E00DABD6C712CB484A73C833969016359EA556ABE72E55D87F311E738ECCD83E80
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19415/
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2015-04-25 10:39:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2611cfa6bcd3f7091295874a0ec377d442b3075a546c6bbc9d07060a9c31cd49
276a602f80ffef482b3387d2d8e9f6b7b71db5344a5ad0d8a5514e3c5ee0948d
32ec92b57297749ae4e4cc6299579355e77573ffdf0b125d1f65ebcc62b9fbfb
aee8ac76d0269071bbb702bb59f37ad12f7a42844af9d9522fa39e49682c3be9
bedbcb43340c9c07dc601b696dfa3278df0c68ecfce2a4fd893a7b5e56a01de1
cf67bb4f199395511b86a941b499edc0c34a4a3b12fc3161c0a5ef479f0b6601
e33cc945d6b0681de6b34b52f0cb609676cdf5f3ecf61f4122b64d7a7e74b5ca
e4aae9a8a9103086b7232aa674f4ba296e140a4baaa01eb86b0cd79305a5fd13
ebf0d8a9efaffe98c9bc9aabb24d9dee32a7662dca50e4010cc706c091463375
f8e79509055e8e73a467ac3fc37c303ce1968417c0d4cc76df99af32cf692f02
+ 843 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence
Link:
https://tria.ge/reports/200624-36b1w2t32n/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies service
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19415/

Comments