MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 315992fe86f3bc95dc19312739fe9e89ee80a85f94c02bbebb420919bfaec5d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Generic
Vendor detections: 4

SHA256 hash: 315992fe86f3bc95dc19312739fe9e89ee80a85f94c02bbebb420919bfaec5d6
SHA3-384 hash: c4f5d8e88c8d2856d3eab2225626706bdfcad1b4e07dc461f4511ec0de3d06899d888b19e3d3f013236a30bfd4d85cda
SHA1 hash: 1006644a248bc248d1c1db6909ae886afa7d3478
MD5 hash: 9895f8fe3df4c3309b81cd5cf08c0e24
humanhash: hamper-alaska-hamper-venus
File name: SGQ-200875.exe
Signature: Adware.Generic
File size: 449'953 bytes
First seen: 2020-06-22 13:39:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c2c71dfce9a27650634dc8b1ca03bf0 (160 x Loki, 58 x Formbook, 55 x Adware.Generic)
ssdeep: 6144:3PCganNX6s0RvwftukfjX8MpWiOPYr+NZDDsDB/oWzuI0n0WsY2OAl9p/556Nf0u:NandZ0qVzIMVOPR5DKdpZWglj5OupV6
Threatray: 644 similar samples on MalwareBazaar
TLSH: 80A412D3A350EDE3D93680B005759E2FAB399DBE4FBA050723847696BE736A3190F105
Reporter: James_inthe_box
Tags: Adware.Generic exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 112
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInject
Status: Malicious
First seen: 2020-06-22 13:38:28 UTC
File type: PE (Exe)
Extracted files: 35
AV detection: 21 of 26 (80.77%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: n/a

Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Loads dropped DLL
Enumerates VirtualBox registry keys

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other