MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d0e112a742f88579d78f0a2feab230d56bc2d4e5c8b07ec4fa5ef45f482b11a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 2d0e112a742f88579d78f0a2feab230d56bc2d4e5c8b07ec4fa5ef45f482b11a
SHA3-384 hash: 365a33e90ad9a23493eb8a05cd109b9d57d26f4dfe9fdab772d56c34f50c9b9dcea7bfb8ecd9f7a834afc3e472be0214
SHA1 hash: 64e717e33ad9d590aafad09f137f8555c679f900
MD5 hash: 3e444097a710ba080d921004e26ae08a
humanhash: nineteen-social-quebec-nitrogen
File name: 79slKbtScvtwoCirw.bin
Download: download sample
File size: 655'872 bytes
First seen: 2020-07-20 10:57:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:718oLV1q9I6/kVdSCZxRJDycod+ik4g8ylSoDCecckx7YS:jLVuaWYrE3oDgV
Threatray: 29 similar samples on MalwareBazaar
TLSH: F3D4BFC83B40944EC59E1EBA4E52CD708320AD46F6F7E34727C66EDE297E39BC905291
Reporter: JAMESWT_WT

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 80 / 100
Behaviour
Behavior Graph ID: 248079
Sample: 79slKbtScvtwoCirw.bin
Startdate: 21/07/2020
Architecture: WINDOWS
Score: 80
Signatures:
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Machine Learning detection for dropped file
Process tree: three instances of 79slKbtScvtwoCirw.exe were started from the sample, and each of them started further 79slKbtScvtwoCirw.exe child processes.
Dropped files:
C:\Users\user\...\79slKbtScvtwoCirw.exe.log (ASCII)
C:\Users\user\...\79slKbtScvtwoCirw.exe (PE32)
C:\...\79slKbtScvtwoCirw.exe:Zone.Identifier (ASCII)
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-20 10:59:02 UTC
File Type: PE (.Net Exe)
Extracted files: 3
AV detection: 21 of 28 (75.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence

Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Adds Run key to start application
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Executable exe 2d0e112a742f88579d78f0a2feab230d56bc2d4e5c8b07ec4fa5ef45f482b11a (this sample)
Delivery method: Distributed via web download

Comments