MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 330662b9121761f04693442e1a7d9d847c5ec530b347f09af6b36201384bca21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 330662b9121761f04693442e1a7d9d847c5ec530b347f09af6b36201384bca21
SHA3-384 hash: 5d17154de95e3dd94d8ea9dcab86d20e737a2aa0e7d32ee49f0c029de2704571848631ca3268f172645dd0c14d7284ad
SHA1 hash: ff2af795f34eb09aad9f6eb86b008a6669abc7ce
MD5 hash: 1d46f95c2f18ed22f6be01be11f4fd57
humanhash: lion-september-floor-sad
File name:SecuriteInfo.com.Trojan.MulDrop12.11735.8133.17847
Download: download sample
File size:3'630'592 bytes
First seen:2020-05-21 00:03:25 UTC
Last seen:2020-06-04 12:34:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:wHPlcgkHMk3YFzI6ppnTMv0qseOgvzXOQWBDb7B9VNXPJOyQgLym4eUh0myIHWRY:9HJmIMpn0dtWfFXPMeUmmyI+yzB6q
Threatray 30 similar samples on MalwareBazaar
TLSH 30F53B06FBA100D4F5BBC17995AB222DFC7938E1473896D752C45A8E4B31BE4BD3A702
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4454/
Detection(s):
PUA.Win.Packed.ConfuserEx-6391397-0
Create hunting rule

PUA.Win.Packed.ConfuserEx-6582917-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Antiav
Create hunting rule
Status:
Malicious
First seen:
2020-05-02 03:35:16 UTC
File Type:
PE (.Net Exe)
Extracted files:
29
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
01f0b05574fcb3c10aa17fcbc2543497c2b7a6747e06e34e5e30070a2ce51bdb
06750ac0faac65082e722d5d7e8ccad6d9ceb5cd74faf3a9dca25be553e756e7
109230b81c5025e202292bdad8bb868569245c98bae720cef3e19c23e926d175
15fa0bc1864e5af21b28f16b0c1d56e53880cc6f70f0a0e9faac5dca06304b88
17e0971dd39c6cede948706786eb03cdd7077028dcf94ae3d16a03356256a1d3
1dccde0289f175d1d41140302e71242ae0ea250bdc580767256da69f7cb319ff
3d759e1a22e9409de973cc5040093aff85d02303712fe10283b7baff63de9f73
67348aa265e2504aa1a048466a767b016b3369dc0203f48eae80342102af54eb
c210625165f0448f38cf697f157e7ee48ca4acd84d125b41037b308e9f31aba4
dadcf3ef1ba5f212ec2a93a34e414eeb66588309132d85ac1d686b7a23ef3687
+ 20 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-2e9357jb4n/
Behaviour
Kills process with taskkill
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Program crash
Modifies service
Drops startup file
Loads dropped DLL
Modifies Installed Components in the registry
Executes dropped EXE
Modifies AppInit DLL entries
ServiceHost packer
Modifies system executable filetype association
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 330662b9121761f04693442e1a7d9d847c5ec530b347f09af6b36201384bca21

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365601/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/365620/
Cape
Cape
https://www.capesandbox.com/analysis/4454/

Comments