MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25ef2158460a1be27e3c1974883ada170bd1ccd66c270bf05c36f6b8e758a50e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25ef2158460a1be27e3c1974883ada170bd1ccd66c270bf05c36f6b8e758a50e
SHA3-384 hash: 931706a690c92b9a4fb34313869bc9dd1f415cdb99245e1af12adc1fcc68dfa209fbbe7fde07a4be438f3733d7ddb8d2
SHA1 hash: ae0aa7a960798a3cd1d5e53475904f94b3903d32
MD5 hash: b0b2798269d22ad1882254fa6743f888
humanhash: apart-friend-kentucky-december
File name:b0b2798269d22ad1882254fa6743f888.exe
Download: download sample
File size:21'416 bytes
First seen:2020-11-11 16:18:36 UTC
Last seen:2020-11-17 14:55:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 384:GoSTBGugESCq/P/ZEXNyOtsO0M0LOl9P4wKWGP3hWDgf2h:GxTBGCSL/XYO/Mll9wtpPhWUf2h
Threatray 38 similar samples on MalwareBazaar
TLSH BEA22A20ABD4D831F57EA73112E2D1B41B73FFD16320CF6AA6CE70594D4239A1E151AB
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
54
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/531511
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 314856 Sample: Uxp47GKrdf.exe Startdate: 12/11/2020 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 Uxp47GKrdf.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25ef2158460a1be27e3c1974883ada170bd1ccd66c270bf05c36f6b8e758a50e/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-11-10 22:08:52 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
404f5e208504a3cc7541fffb203db6bd135373f0ae0b9dc88d84e57464539dc5
42f380a4730febf7e17ebd7e610ba0f727d6324f9c68317df70c0e0bbebd9290
433c68e89fe741e7ec59e064861baf726ab0b8637849d9d92fa5e3a2819d211c
4a09bedcd448deaaaff205dabbc19a34f5b47a9714ac85a5a827c0aabeb2db7f
82111ffe99296ab2292bfc56a031ae1daf701520ead377ee34e4a72f31c75285
8a290b72c3abedee23df097a5dc65d879f05e2ef1c214c19be8eed0a73528e77
be668820f01ddc624a59e45556ee918ac38991b437c675d4c67be6cdcfc23553
c805a81435618323cd34e9729b058df78e9c496d1d6c752cc3e5c7cb30f26613
d55bd71d4425756d7412d97dd2e0c53203ba40fae381c980322aee5682acc79c
e7a711a237a82cd9dba1eb8407ada18fc00bcd7f510f061e8291cc18e43d3528
+ 28 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201111-a8rfras9pe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
25ef2158460a1be27e3c1974883ada170bd1ccd66c270bf05c36f6b8e758a50e
MD5 hash:
b0b2798269d22ad1882254fa6743f888
SHA1 hash:
ae0aa7a960798a3cd1d5e53475904f94b3903d32
Link:
https://www.unpac.me/results/bb87b3be-9254-4e2a-b1c6-e71e6921e3af/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 25ef2158460a1be27e3c1974883ada170bd1ccd66c270bf05c36f6b8e758a50e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/803871/
  
Delivery method
Distributed via web download

Comments