MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26243c83c8f1bff909e68c8f2d928c626c78f43987e49cae0b8c2f78a63652f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 26243c83c8f1bff909e68c8f2d928c626c78f43987e49cae0b8c2f78a63652f9
SHA3-384 hash: c4fee6d3465006597229a8fcc55de347dbf47ac20d1a21cd8cd7e3866237442e994bd3b7db66615c8a5d92bcc65356d7
SHA1 hash: 24b37881c0cf19a45a57ebd612fbf3f7fa8d820b
MD5 hash: 98e94786f88aba46fbb0e5382b1f9b46
humanhash: seven-rugby-mexico-venus
File name: PO.exe
File size: 456'192 bytes
First seen: 2020-10-07 00:31:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'604 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 6144:m71yTMVvta1DszCuUXqhEuAcLBg1icYU/Ep98aP7aKCLZ4cZM/HMno:m51vXzCuUXshK1iw8pHGTmcxn
TLSH: 0DA4F11111A8E7BAE53DD73D4372111607F9E51A67E7DA1CBFE6C4DA8822AC80621FC3
Reporter: Anonymous

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Binary contains a suspicious time stamp
Machine Learning detection for sample
Behaviour
Behavior Graph:
[Behavior graph, ID 294173. Sample: PO.exe, start date 07/10/2020, architecture WINDOWS, score 48. Signatures: Machine Learning detection for sample; Binary contains a suspicious time stamp. Process tree: PO.exe started WerFault.exe, which dropped C:\ProgramData\Microsoft\...\Report.wer]
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-10-07 00:32:07 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 2/5
Verdict: unknown
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash:
26243c83c8f1bff909e68c8f2d928c626c78f43987e49cae0b8c2f78a63652f9
MD5 hash:
98e94786f88aba46fbb0e5382b1f9b46
SHA1 hash:
24b37881c0cf19a45a57ebd612fbf3f7fa8d820b
SHA256 hash:
13b24d3a09d099dabe41cd6cd71607a77e14640b1e9b4ed2d60f6c012f191c43
MD5 hash:
109cedae3c384a1913107f1efad2b7c8
SHA1 hash:
1f7f35b0ed85fa12bb839cbce698e59a30813420
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments