MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3eac3dce42c59c37a826537f4f3b9c580db2d18d09df1fc23cd45d4f8309ac63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3eac3dce42c59c37a826537f4f3b9c580db2d18d09df1fc23cd45d4f8309ac63
SHA3-384 hash: 878f57f893e8ebeabe1ada564bfa145cee4f22b85f7d7257fcfa37584115f8403b31ae0842abae944d8fa89009fad2b8
SHA1 hash: 25a6b4297a18135a959f64ed669d213024de8ae9
MD5 hash: fbbede6b2e3b2cf789c5603614a93f52
humanhash: fourteen-batman-uranus-salami
File name:agent.exe
Download: download sample
File size:1'588'594 bytes
First seen:2022-10-23 19:19:53 UTC
Last seen:2022-10-23 20:10:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a1d237bb932cee4de0462889af8a4f06
ssdeep 24576:c6dyA6Eqi5YJX3pUzyBN/jiUyJ6clMN81s3Acwhk15:zdp6Di5YTjZlwhk15
Threatray 1 similar samples on MalwareBazaar
TLSH T12475C7831DCB0DA6DDD23BF8B1D31329A378FE70CF6E4E2AA608413559532C5AD5AB41
TrID 51.8% (.EXE) UPX compressed Win64 Executable (70117/5/12)
19.9% (.EXE) UPX compressed Win32 Executable (27066/9/6)
12.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
7.7% (.EXE) Win64 Executable (generic) (10523/12/4)
3.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter r3dbU7z
Tags:backdoor exe ShikataGaNai

Intelligence

File Origin
# of uploads :
2
# of downloads :
424
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
agent.exe
Verdict:
No threats detected
Analysis date:
2022-10-23 19:22:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b0182b10-bbb9-48c2-922e-a0a0907bc283

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/323062/
Detection(s):
SecuriteInfo.com.Win64.Evo-gen.6894.7799.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug overlay packed spyeye
Link:
https://www.filescan.io/uploads/635593e3339362a6061b567d/reports/0ce9dbda-0137-4566-92a3-485627fd2d37/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a506536d-db58-4ca7-b22b-4a14b3f0d16e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1096023
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3eac3dce42c59c37a826537f4f3b9c580db2d18d09df1fc23cd45d4f8309ac63/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-10-23 20:15:31 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
10 of 26 (38.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h2wd3tscywodpkbgkn7u6o44lag3fumnbhpr7qr42rou7ayjvrrq._file
Verdict:
malicious
Similar samples:
7a869d59f51793b80afb85008f4f3e4aafca4cdeb765d36afa4a3aa484b9fe53
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/221023-x132lscab5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Program crash
UPX packed file
Unpacked files
SH256 hash:
32be46e2000e2014e21c07470cb0aa24979b9ccba66b29f2034a5c73f640f5da
MD5 hash:
fa6ca006a1bd87948d4a133b81535606
SHA1 hash:
eb8e16f21a5250eadac27ff9e96ebb6d100daa46
Link:
https://www.unpac.me/results/08dd806d-560e-48cf-872f-40a6c4b9d99b/
SH256 hash:
3eac3dce42c59c37a826537f4f3b9c580db2d18d09df1fc23cd45d4f8309ac63
MD5 hash:
fbbede6b2e3b2cf789c5603614a93f52
SHA1 hash:
25a6b4297a18135a959f64ed669d213024de8ae9
Link:
https://www.unpac.me/results/08dd806d-560e-48cf-872f-40a6c4b9d99b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3eac3dce42c59c37a826537f4f3b9c580db2d18d09df1fc23cd45d4f8309ac63

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 3eac3dce42c59c37a826537f4f3b9c580db2d18d09df1fc23cd45d4f8309ac63

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/323062/

Comments