MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c64fe15d5f111ea7d72ee90493329d95d1c1ceb5e13237f616db5a71fd149cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c64fe15d5f111ea7d72ee90493329d95d1c1ceb5e13237f616db5a71fd149cf
SHA3-384 hash: 17487bf99aa70b2f2a7731eab4e4484d8980148513ecbf1210cd220c4f9513e5800635cad8e1064d1c4c0f7600c1d70f
SHA1 hash: 88d09e8d784674c0023e8c37dad1d8e449ac8bc8
MD5 hash: 02b6802b3c3fd38db55bafaddcf625ac
humanhash: juliet-xray-oregon-green
File name:SOA.exe
Download: download sample
File size:163'840 bytes
First seen:2020-11-25 14:12:39 UTC
Last seen:2020-11-25 15:57:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:rgoYPd5XlKDzNLcmmBeCevEdDdeFN7fAdAhaS6lFEZQVRDiXPqo:MlP1wzNQmkTeydeFlfAdSiFoueq
Threatray 52 similar samples on MalwareBazaar
TLSH 3CF3F140BFBEA51FEDAD06F69864149883F1916B7487E3C11CB209E59DDEFE006815CB
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105647/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Enabling autorun by creating a file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/547020
Signature
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c64fe15d5f111ea7d72ee90493329d95d1c1ceb5e13237f616db5a71fd149cf/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-25 11:44:52 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hrsp4fov6ei6u7ls52iesmzj3foryhhllyjsg73bnw22oh6rjhhq._file
Verdict:
unknown
Similar samples:
0403edbe4bb8c3eff01766349793871dddc0a31e6cb875dc35aaad03c491af64
0c2e617efd564557bce2248bb25254d7c5a091eba9529e48cadca43517431596
291a081e38d4d12af7da73e4fafe9d2a9e001bc88e0f1a503037b7ffedcd4b68
2e4775c5d181f37f4a0802a9982601352f0a7de1ffd74909024150572ed6522b
31b06ca8f90f735bd3b209e576db1da2a5ab7f661b58f85eaabcde2181978003
4585051dc6b7393255db1838a6ced5e5005da977ea7be332cc6540bcfe0379fc
5d0c908497b27de7918ac9e938a939ca63505dda638cc5fede5a6e067a4e325f
754415201ac666285c12b35d0fc3ab30f7fb48d7a9c9c54c8cee746be8ed4e7a
a4336636fb933c27fbd31d4d08e3c888aa6a36e915e3d783f9dbce3c93ce7539
bfad657014ecab9f87306e695510f55528dbd0a33302a71da260e77285e00c06
+ 42 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201125-y9c5kgfh2s/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
e87284e6742ad4fe06e79fc2078e4771d07910d8b271652f62385a6dbc009b79
MD5 hash:
a0cba257a15ccb9d72d7ca0beaa1ecd5
SHA1 hash:
d9a1cc1ab22d7e9f21dd7fa294c1013600644bbc
Link:
https://www.unpac.me/results/5b73c004-313d-4fc0-91e9-61975c03def6/
SH256 hash:
3c64fe15d5f111ea7d72ee90493329d95d1c1ceb5e13237f616db5a71fd149cf
MD5 hash:
02b6802b3c3fd38db55bafaddcf625ac
SHA1 hash:
88d09e8d784674c0023e8c37dad1d8e449ac8bc8
Link:
https://www.unpac.me/results/5b73c004-313d-4fc0-91e9-61975c03def6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3c64fe15d5f111ea7d72ee90493329d95d1c1ceb5e13237f616db5a71fd149cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/105647/

Comments