MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f15edcb2b91d9c839392479ddb8a4053e80a3ec9c158c59b1d71691ba42ee13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3f15edcb2b91d9c839392479ddb8a4053e80a3ec9c158c59b1d71691ba42ee13
SHA3-384 hash: 6f8a05af9b9b0c1f922103af08c7a29734515dfad21b1768f08af53d0c9855149e7af20bc8985bdb6706dff6b346f554
SHA1 hash: 6ccfd4776a1cd2097627211012d2dea81d14bb45
MD5 hash: 7a26f1ba2ec8922a8276848fd6c637fe
humanhash: oregon-network-pasta-two
File name:7a26f1ba2ec8922a8276848fd6c637fe.exe
Download: download sample
File size:18'944 bytes
First seen:2021-02-12 19:30:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'451 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 384:QpU8HfKJOtv4oc6Wu/kTcEVeHqDRT2sB9uXSSL/JHIAGv7LZ:QpU8HfKJOtv4oc6WQEcHqDksYxLBHeLZ
Threatray 30 similar samples on MalwareBazaar
TLSH 2A821921A7E4E73BD9CE437598B3C9904AB0E2C70902D79B5CC85167AF173819B23397
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7a26f1ba2ec8922a8276848fd6c637fe.exe
Verdict:
No threats detected
Analysis date:
2021-02-12 19:37:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fd1b0748-f89d-4666-9787-41fb9a9c61db

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116994/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/607150
Signature
Binary contains a suspicious time stamp
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3f15edcb2b91d9c839392479ddb8a4053e80a3ec9c158c59b1d71691ba42ee13/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-02-12 19:36:52 UTC
AV detection:
18 of 47 (38.30%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
06c523efc119e25eb28a59b9778ef4f7d738bc6bcd701c696568719ba6e6cee6
2b4672cc7cef4fa82d5d3530948969292b80b66e8b93db01c11366d01e76cbba
2eb37b1a65e93d5619e44bb3734b321c97f195a6d079386194a84a5a1617c2dc
61d9f4cbc76b7889d7d17d262b63c0fd2ee40642653063b1eb6ab84397f8c57b
887084bcfd243d9c685a80c8b94ff04b56936b6a282988a2488463ba70e7d054
8e260eb76e2774843e8e79bfb5adef7a9eb06efb28161c9101a10accb475a54a
b42b33ffa4b45bc81b71f13d89dc1283b155204913aa8362e99e9aa44366bfb2
dc6aaf7acf8b088dd2f0a3cbffd5ae7e56ed1680aeccb2ff7eecb9d56796cf68
e8234089e3729bbb6cbf5cf5deddad37b3dbe90180bc307ac8105f5f240a5b82
f1f02609df5674a0ad67ce6d2bd2f07dd7616eb2995b07f31ae431a956036ae9
+ 20 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210212-vjy9hlcyhj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
3f15edcb2b91d9c839392479ddb8a4053e80a3ec9c158c59b1d71691ba42ee13
MD5 hash:
7a26f1ba2ec8922a8276848fd6c637fe
SHA1 hash:
6ccfd4776a1cd2097627211012d2dea81d14bb45
Link:
https://www.unpac.me/results/81f1af8c-0963-417a-aac2-e2030be91eb6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/3f15edcb2b91d9c839392479ddb8a4053e80a3ec9c158c59b1d71691ba42ee13

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 3f15edcb2b91d9c839392479ddb8a4053e80a3ec9c158c59b1d71691ba42ee13

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1000485/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/116994/

Comments