MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2af46f4cd0f565e48c953a7e2d6c98fd03457433724935485a3a9f95b5cf93e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 2af46f4cd0f565e48c953a7e2d6c98fd03457433724935485a3a9f95b5cf93e4
SHA3-384 hash: 828b0ed83bf43f732d67f7f3b5461ccad7b8f5d1abd079989724d351ce57f74d0abca48f4321e24ac2dad95107f1268e
SHA1 hash: 3a35d4e729e07ddd8033ee4ac5cd0cc2ad63f997
MD5 hash: 96c52736ef92067e534dee976941bc0c
humanhash: happy-lima-five-island
File name: 96c52736ef92067e534dee976941bc0c.exe
File size: 995'016 bytes
First seen: 2020-10-07 10:36:57 UTC
Last seen: 2020-10-07 12:24:30 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'797 x AgentTesla, 19'710 x Formbook, 12'278 x SnakeKeylogger)
ssdeep: 24576:9dOv8/rETSxNmJM5JpAj8x17isN5y+pbS2L7dkV5U:9TrETSxNmJM5JpAj8x12sN5y+pbS2L7h
Threatray: 17 similar samples on MalwareBazaar
TLSH: FE25D451B3FC5729FAF7AF7CBD75D96508BABE6A6822C56C1508104F04B2F808971B32
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name: Unknown
Detection: suspicious
Classification: troj
Score: 27 / 100
Signature
Behaviour
Behavior Graph:
Behavior Graph ID: 294431
Sample: u8JVpgxRsR.exe
Start date: 07/10/2020
Architecture: WINDOWS
Score: 27
Signature: Connects to a pastebin service (likely for C&C)
Process tree:
  u8JVpgxRsR.exe (started)
    network: pastebin.com 104.23.98.190, port 443, local port 49727, CLOUDFLARENETUS, United States
    timeout.exe (started)
      conhost.exe (started)
    WerFault.exe (started)
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-10-07 06:09:10 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Legitimate hosting services abused for malware hosting/C2
Unpacked files
SHA256 hash: 2af46f4cd0f565e48c953a7e2d6c98fd03457433724935485a3a9f95b5cf93e4
MD5 hash: 96c52736ef92067e534dee976941bc0c
SHA1 hash: 3a35d4e729e07ddd8033ee4ac5cd0cc2ad63f997
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2af46f4cd0f565e48c953a7e2d6c98fd03457433724935485a3a9f95b5cf93e4 (this sample)

Delivery method: Distributed via web download

Comments