MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 30898e79c019a359c6bc25a0217531494c12cfe62384beadc861eb622b811378. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 30898e79c019a359c6bc25a0217531494c12cfe62384beadc861eb622b811378 |
|---|---|
| SHA3-384 hash: | 22c832605b66bea4a8dc4e4591c00588a68cec601b1066cc644a4d4ac09f4ee724d2e014a88fe3dc1235c77099f148fd |
| SHA1 hash: | 5cf03bde4365b037f1ff9a2af493269f3c954af2 |
| MD5 hash: | fd012a65b1b56f92803132da954d755d |
| humanhash: | july-stairway-seventeen-triple |
| File name: | 30898e79c019a359c6bc25a0217531494c12cfe62384beadc861eb622b811378 |
| Download: | download sample |
| File size: | 2'271'997 bytes |
| First seen: | 2020-03-24 07:38:18 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla) |
| ssdeep | 49152:5IvbVLbcNIV3Cc/imF1nY8LzPq/foJcjpMMn/D27MVAjS3q:5ITVHc2V3b/imFCUzPq/foJJuLvVSYq |
| Threatray | 253 similar samples on MalwareBazaar |
| TLSH | 42B52312F7D688F2D46609304565B721A23C7B301E28EE8F67D04E9D9A791C1E73AF63 |
| Reporter |  Marco_Ramilli |
| Tags: | exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Shadowbrokers
Status:
Malicious
First seen:
2020-03-08 08:14:00 UTC
AV detection:
28 of 31 (90.32%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
+ 243 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe 30898e79c019a359c6bc25a0217531494c12cfe62384beadc861eb622b811378
(this sample)
Delivery method
Distributed via web download
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| GDI_PLUS_API | Interfaces with Graphics | gdiplus.dll::GdiplusStartup gdiplus.dll::GdiplusShutdown gdiplus.dll::GdipAlloc |
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::LoadLibraryExA KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoW |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::AllocConsole KERNEL32.dll::AttachConsole KERNEL32.dll::WriteConsoleW KERNEL32.dll::FreeConsole KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleCP |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateHardLinkW KERNEL32.dll::CreateFileW KERNEL32.dll::CreateFileMappingW KERNEL32.dll::DeleteFileW KERNEL32.dll::MoveFileW KERNEL32.dll::MoveFileExW |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.