MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40fd6a0b671a0e5074a206201f57f7731a0d01baab5874b28a9b0f019a451c5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 40fd6a0b671a0e5074a206201f57f7731a0d01baab5874b28a9b0f019a451c5a
SHA3-384 hash: 070ce1d870fcdb42a63553798aa6d6d3a4f1b6db0da42f414726b1622a5896cc13f62ca3c67d2b7b6ac127e5ee9638d6
SHA1 hash: 2e9604eade6951d5a5b4a44bee1281e32166f395
MD5 hash: 265cadde82b0c66dc39ad2d9ee800754
humanhash: zulu-eighteen-network-massachusetts
File name:keygen-step-3.exe
Download: download sample
File size:894'464 bytes
First seen:2021-09-07 18:05:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f6ef2fc23ca2d85215ddcf8b4448b79f (1 x CoinMiner)
ssdeep 12288:8jCwd+3hwSk5EYjUpfRNHpU1/QQ21fg7n7rOQm1/EMKK9kE8D2sMJnKhUGis5smD:8jC53hATU3NWSq7n7ry3Z62vn4b5HAl
Threatray 23 similar samples on MalwareBazaar
TLSH T17715F09D0402FA09EF53F5B7797D170810C0BD9B66BDA0A32A838F67B05D47EC6AE191
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Start.exe
Verdict:
Malicious activity
Analysis date:
2021-09-06 22:18:20 UTC
Tags:
trojan stealer raccoon loader evasion rat azorult fareit pony redline opendir vidar
Link:
https://app.any.run/tasks/a6f41b13-55e4-4171-bab3-4a8a1c29e0fb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186111/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Reading critical registry keys
DNS request
Connection attempt
Sending an HTTP POST request
Sending a UDP request
Creating a file in the Windows directory
Creating a service
Creating a process from a recently created file
Sending an HTTP GET request
Enabling autorun for a service
Deleting of the original file
Malware family:
ServHelper
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3261a18a-a5ab-4a8f-a4d8-f58d7e52f782
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/40fd6a0b671a0e5074a206201f57f7731a0d01baab5874b28a9b0f019a451c5a/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-08-28 11:13:47 UTC
AV detection:
28 of 43 (65.12%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
059cd9bb3ad74aa7d4a7720c03e07114e89f770dd76523f56febd95f408b8cd3
12bbe24de7cb5efda944526935ce54a013d93d99b366b9f74a19828ddc987ebc
1863a7088799029acf04f2ed7b2ce4d473f27df19a36e373f1a6287aeb77ee9b
2d80eb1f45fbbfa834211cb26597c463d3033217afa53cd9727f4030cf25e122
47b989b710739b1c88408ca9bf1b4e833cdab68b4c205c5bcbd94bec501c9b80
5397b6d592556e4d65cd442190cfbcba5b3d253b0fbfcc0a16f1c6f2b48a58c4
b11bd18587058601cde1be46ec722f2ddc96fddd976f3a263e4d0358e8e08865
b88584dde985bb05eef183a2f339bef9ebdf7adf3b7ce58a71e78e638e6a2123
da3b8a88c93f49e1d197caa2157876fc794b5cb3caaa69b482f5abf8ddbc523c
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210907-wprnrsgcgp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Deletes itself
Executes dropped EXE
Unpacked files
SH256 hash:
ef618962781ffb62c4d38815495a4fe5445fd5ed23a55546e6619f9fdc985d5f
MD5 hash:
b2ab1d0c89cffc2ad68e32487ed661a6
SHA1 hash:
25e52c34e0947e1c7f54e2adfb985b87dd9477be
Link:
https://www.unpac.me/results/81bf3316-e601-41c7-a1b0-3e574293d08a/
SH256 hash:
40fd6a0b671a0e5074a206201f57f7731a0d01baab5874b28a9b0f019a451c5a
MD5 hash:
265cadde82b0c66dc39ad2d9ee800754
SHA1 hash:
2e9604eade6951d5a5b4a44bee1281e32166f395
Link:
https://www.unpac.me/results/81bf3316-e601-41c7-a1b0-3e574293d08a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/40fd6a0b671a0e5074a206201f57f7731a0d01baab5874b28a9b0f019a451c5a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/186111/

Comments