MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f5f718eea347bd327c4e7b525d0fc1ce91d54d4b1e4da1e78e18a35f19756e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: 3f5f718eea347bd327c4e7b525d0fc1ce91d54d4b1e4da1e78e18a35f19756e3
SHA3-384 hash: c7b3c376fffb07cbf11b57b44875d474f2f8a42d1b2c7b34c2238a376d79f75fd3d0e51bf1a30db725b4f009f4f2a026
SHA1 hash: bc42169c1f0a32c7e3187699c86b45cda47597b5
MD5 hash: e8e4b35395b0d282e4d88e169f0da56f
humanhash: utah-one-uncle-william
File name: e8e4b35395b0d282e4d88e169f0da56f.exe
File size: 4'164'608 bytes
First seen: 2021-01-01 18:02:25 UTC
Last seen: 2021-01-01 19:58:48 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 98304:emWi8d2BG15PMnzFwrj+Nl7X5CH7E0XB6Ze/IzG:emR8d2BG15YxwryNl7X5CbE6ImS
Threatray: 65 similar samples on MalwareBazaar
TLSH: BF16232236348BB5C53713F7E102446143B57E1B762DE27BA9C2BCDB38A2B524426D9F
Reporter: abuse_ch
Tags: exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 180
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: e8e4b35395b0d282e4d88e169f0da56f.exe
Verdict: Malicious activity
Analysis date: 2021-01-01 18:02:55 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Sending a UDP request
Launching a process
Creating a process with a hidden window
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
Contains functionality to hide a thread from the debugger
Contains functionality to inject code into remote processes
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM_3
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-12-25 22:49:50 UTC
AV detection: 8 of 29 (27.59%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Unpacked files
SHA256 hash: 3f5f718eea347bd327c4e7b525d0fc1ce91d54d4b1e4da1e78e18a35f19756e3
MD5 hash: e8e4b35395b0d282e4d88e169f0da56f
SHA1 hash: bc42169c1f0a32c7e3187699c86b45cda47597b5

SHA256 hash: 0f256359406c1ea7669c1d1aef5fb3e959f3907ae4cd5cba421c8a0f84aa2bf9
MD5 hash: 332292005633baf54f86231c3e781876
SHA1 hash: 738078cde3461cd07488758f1d6ada0f23487096

SHA256 hash: aadd19a3a2fd1bc502e1e8f8cacc77fdba44a1d4c60eb648c0c01e9c7c010346
MD5 hash: 1cf0de5f777420e9d4bd4b0fbd8e68ee
SHA1 hash: c2e848061bcc27a21c403b25e7d5ef3fef96efef

SHA256 hash: e83cef9cfa4e2ea30e28843e43c60ebf8f6590fb753ad0aa5ed1123c01280527
MD5 hash: bf99ee5fbf42797bd1ade95b109d634c
SHA1 hash: e02abfdbca94a24a36b47d49a28360b79aabd294

SHA256 hash: 29a62f5fc3ffb297c48af0ff38e3fa323d6f857431880681eb41bffb8543dea8
MD5 hash: 4b8a1ae41beb73ca88134cbbe897afac
SHA1 hash: 2d7d287f37ac2132316832796bc78b58598666a0
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.
