MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26f0b8ed8738f2d1c0c3bf8aef95a6ab4a2b8e84759517b4d5f472e504297451. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26f0b8ed8738f2d1c0c3bf8aef95a6ab4a2b8e84759517b4d5f472e504297451
SHA3-384 hash: 1abe168fc1059cfb927b2429e3bd0600a3e7f3c97505567b81d1b9f144966bc3c193f9fec0505b6c350bbbf4d174ddb2
SHA1 hash: 69c9c0302588b4b50fd882e1cb7199e7be4b4e96
MD5 hash: 13ae0f94a8dbf3b2e3c18d63807a081b
humanhash: carbon-failed-cola-sad
File name:13ae0f94a8dbf3b2e3c18d63807a081b.exe
Download: download sample
File size:54'272 bytes
First seen:2021-02-01 09:39:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 768:Q23vUKRFUxyfpO2jSHqd+en5daY/Qt2N42KXxS2KmPJjC4jsyjoofwNb:vfUKRBpfjP75daw/NuX02KmdCCno1Nb
Threatray 6 similar samples on MalwareBazaar
TLSH 34333B90338CAF06E5EBA73A39533153A7A3E8C6757F4B60A734172E14626841F27B03
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PURCHASE ORDER.doc
Verdict:
Malicious activity
Analysis date:
2021-02-01 07:29:05 UTC
Tags:
trojan exploit CVE-2017-11882 loader opendir
Link:
https://app.any.run/tasks/fda770c2-6b51-49f4-aa3f-f5c03f7b45f6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/114444/
Result
Verdict:
Clean
Maliciousness:
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/595157
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 346618 Sample: bs6leXBDU6.exe Startdate: 01/02/2021 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 bs6leXBDU6.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/26f0b8ed8738f2d1c0c3bf8aef95a6ab4a2b8e84759517b4d5f472e504297451/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-02-01 08:27:24 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
403943dce6fbb57dfaf602189ee84bcef2ac109b952027bff8e1cc49c6b81d9d
41fc81a9ebcb9f6405555db22b71ca764939d1dbcf113e446418e3cb6d394184
7179990cc014c59712993dee1c861d3b8fa84e53d867d562e49b14d3d2cd1a16
8cd8011d9b6a0688383595add4c6b57a6bc1e57e61e0809ff6d8733d31627da6
b658c47b2d03bc174f5c4b836fdd467447a51a2c7ec1079d5d7ecb297233e4ab
be58c5a9b65b632caee17b47286f47e1e463441b4ecc567f0c23f1fcfcce4587
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210201-dwgxz336g6/
Unpacked files
SH256 hash:
26f0b8ed8738f2d1c0c3bf8aef95a6ab4a2b8e84759517b4d5f472e504297451
MD5 hash:
13ae0f94a8dbf3b2e3c18d63807a081b
SHA1 hash:
69c9c0302588b4b50fd882e1cb7199e7be4b4e96
Link:
https://www.unpac.me/results/3ee34a3c-aff5-442b-9047-1450f247d98b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/26f0b8ed8738f2d1c0c3bf8aef95a6ab4a2b8e84759517b4d5f472e504297451

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 26f0b8ed8738f2d1c0c3bf8aef95a6ab4a2b8e84759517b4d5f472e504297451

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/986062/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/114444/

Comments