MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2eafd2db3852f320398ef9bbbab1d291e52e75bba78e3fe21c0fbffe385ba865. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2eafd2db3852f320398ef9bbbab1d291e52e75bba78e3fe21c0fbffe385ba865
SHA3-384 hash: b6a70494470dd8fc3a394cb5e69df88e2dc72b41fa1619ce1fd29e08890630ba0f6588227bc03af73203499b8568049f
SHA1 hash: 815440fed57bb31e7c29d806ab777d70ec5f3501
MD5 hash: c5d0b2e66a72ba3c624006db1df9b34a
humanhash: delaware-rugby-washington-yankee
File name:2eafd2db3852f320398ef9bbbab1d291e52e75bba78e3fe21c0fbffe385ba865
Download: download sample
File size:2'461'696 bytes
First seen:2020-03-23 18:44:00 UTC
Last seen:2020-03-30 07:06:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ba63607bf6c1518476ac6c043b9f43c0
ssdeep 49152:nqAJbRpSracStm/MYpcyJ+UH57ahHmvdlWubl5gqCZ1sBpfEgs24:nqmfSracStm/zpjfH57mHK2ubl5VCYB1
Threatray 14 similar samples on MalwareBazaar
TLSH 94B533F6746751CFE0E6D4B94FC5417218059E2AAC8C44136A3C26342712FBD6E8FBEA
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Enigma-7138318-1
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Troldesh
Create hunting rule
Status:
Malicious
First seen:
2018-08-29 16:37:19 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
18 of 43 (41.86%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
5ef8714caf9c7296847b67b27edb93c3aec23d7e77b57d23d0e8607d707a2c49
5fc42d8d65da12afe624f5b959b3318a808fe18640d497fa5ed7530748e7935a
6c90f16a6932be921cbb44b9e4531cf36e5ded6d5dd0016c4309a56ab8a96461
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
aeb1bfcef382789091e72e2d6cae6e471123d0e8e7a5f39c64abf5a3d9a4eaa8
ec837014dcb222fd3780d0730e297c9a09786cc57a42a9da092c9199c1f9660b
f4901daf97516f9a9b54233dd81810398de07db40d47072f37d90b4225387fd2
+ 4 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2eafd2db3852f320398ef9bbbab1d291e52e75bba78e3fe21c0fbffe385ba865

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/128701/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
CHECK_TRUST_INFORequires Elevated Execution (uiAccess:None)high
Reviews
IDCapabilitiesEvidence
SHELL_APIManipulates System Shellshell32.dll::ShellExecuteA
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryA
WIN_BASE_IO_APICan Create Filesversion.dll::GetFileVersionInfoA

Comments