MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a1044e9e6e87a032f80c6d9ea6ae61bbbb053c0a21b186ecb3b812b49eb03b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 4 File information Comments

SHA256 hash:	2a1044e9e6e87a032f80c6d9ea6ae61bbbb053c0a21b186ecb3b812b49eb03b7
SHA3-384 hash:	da3c923c59536f607d8100e4e50f7a841c6cf23386d87331e267ff804a2466ad4538fd927c0f10ccd4815be81e53f311
SHA1 hash:	e0689982c9182f1c2be0e015b3c0f6e0fc6008f8
MD5 hash:	59649501055e1a6b95ac5d050b54d864
humanhash:	timing-sodium-grey-four
File name:	2a1044e9e6e87a032f80c6d9ea6ae61bbbb053c0a21b186ecb3b812b49eb03b7
Download:	download sample
File size:	1'491'968 bytes
First seen:	2021-10-08 07:44:33 UTC
Last seen:	2021-10-08 09:05:19 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'642 x Formbook, 12'245 x SnakeKeylogger)
ssdeep	24576:l+t0D9jaWAsmt2AbKd051/x6Osdu21Xq04SoQ6h/Aijym1LvbuhZUTdQ:+0gWAsmwAbKy1/YTdu21Xq0nJo/3Jb
Threatray	11 similar samples on MalwareBazaar
TLSH	T19F65338CAE49CCABCF8512763C4621675A70EB5208418C81FCB92FE5CF4F75C6EB6189
Reporter	JAMESWT_WT
Tags:	Aerospace and Telecoms Firms exe Novel RAT

Intelligence

File Origin

# of uploads :

# of downloads :

210

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/196082/

Detection(s):

SecuriteInfo.com.Trojan.MulDrop18.4271.6447.3951.UNOFFICIAL

SecuriteInfo.com.Trojan.MulDrop18.4271.5463.1852.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

obfuscated packed

Link:

https://www.filescan.io/uploads/615ff706b95458900cdf069a/reports/ec90e9a5-097d-4ef8-9663-2e25520dba75/overview

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/7a0eba6d-c37a-44c4-ad21-d903a93df83b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2a1044e9e6e87a032f80c6d9ea6ae61bbbb053c0a21b186ecb3b812b49eb03b7/

Threat name:

ByteCode-MSIL.Infostealer.Dridex

Status:

Suspicious

First seen:

2021-07-21 03:17:55 UTC

AV detection:

9 of 28 (32.14%)

Threat level:

5/5

Verdict:

malicious

18955e0d050b9ce796bd444e130c12b4428b304b0d4eb16b54f77657d8ec0379

3d13bbe7750e38414ba19fd51fe8a253d791edb6a923af31fe5d56ae17af0eec

3e4d51c93e584902549b54e3b22595a4f78a87a9eb4648be7af3b5cc6a682078

49c41771e8e348b30de43d1112221c71a6497794b541fead7f3b2eab706afba3

571fbb18f4fb9c36e5a991451316360fb81e5e537604b8fe7143b79fb3b926b5

915caf575fdbc904c0d5a3755135545f76b81bf633cdac3c98b85bd0ab76dfb6

a86d574b0b47c886fa1c8e31a0e4486d53398d58641c4c04ecdbf80e34922e33

a89639671659b81c5fcbdd2760590d6150fb4b1cd35ad0ac24ff6cdcf59bb079

db23d6f5e2123cde47f4e3178bf18063aa3270d13499991200c9074a837eff07

+ 1 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/211008-jld72sdfep/

Behaviour

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Drops file in System32 directory

Looks up external IP address via web service

Unpacked files

SH256 hash:

19e040305fb57592bb62b41c24e9b64162e1e082230a356a304a3193743b102d

MD5 hash:

3d8416cee742706e130e352ea95a6ba3

SHA1 hash:

ec374dc41d9f6a751bf876da990f99ef362e0e1b

Link:

https://www.unpac.me/results/bd5f9952-c556-4929-a238-24aaeaef3047/

SH256 hash:

d7aa669de0f8a0cdb898cf33ac38ae65461de3c8c0c313c82ee8d48e408e4c4d

MD5 hash:

c8bd4acd2977d63606362ab0375b1368

SHA1 hash:

964f4e1ab9ea3ca140e2b6323e2c80ba1fe343f7

Link:

https://www.unpac.me/results/bd5f9952-c556-4929-a238-24aaeaef3047/

SH256 hash:

e5a9aaa702d3d04b4a0da1952038218b01b8dae06e1604c6029aee92a4869c46

MD5 hash:

5300cb2a82c724731a32a29199ad1bd2

SHA1 hash:

36ae4c34468d2e31e8078286992cdd1a3c7eb70c

Link:

https://www.unpac.me/results/bd5f9952-c556-4929-a238-24aaeaef3047/

SH256 hash:

2a1044e9e6e87a032f80c6d9ea6ae61bbbb053c0a21b186ecb3b812b49eb03b7

MD5 hash:

59649501055e1a6b95ac5d050b54d864

SHA1 hash:

e0689982c9182f1c2be0e015b3c0f6e0fc6008f8

Link:

https://www.unpac.me/results/bd5f9952-c556-4929-a238-24aaeaef3047/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2a1044e9e6e87a032f80c6d9ea6ae61bbbb053c0a21b186ecb3b812b49eb03b7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_EXE_Packed_Fody Create hunting rule
Author:	ditekSHen
Description:	Detects executables manipulated with Fody

Rule name:	pe_imphash Create hunting rule

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/196082/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample