MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4457784cd62e015367ddc6a5a283b8065808ea05d483e04159624e7f5a94b1fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	4457784cd62e015367ddc6a5a283b8065808ea05d483e04159624e7f5a94b1fc
SHA3-384 hash:	8a073257b151060494f85da339b19b3c2b1556578a20871ded5101f4d9d94ad981d9492a1ded7ba37d46dfad9cb4140c
SHA1 hash:	56b0cd262d48f1b430b7a708096cc874001dc879
MD5 hash:	4de9472e4e66959459afdc0ecf77ac3e
humanhash:	mississippi-fish-floor-michigan
File name:	9582f98094988cb23f9110a16e36a2af.exe
Download:	download sample
File size:	10'752 bytes
First seen:	2020-04-07 19:22:00 UTC
Last seen:	2020-04-07 19:45:13 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	96:KQnSB49fUbPqEow7KJMOA6vT7rins+Xa+IyUPhdxdzMToSPgXCExRqn+UE3B3Im5:KwhUbPqElAMoP8s4hIVPhBz51Xs4f1Z
Threatray	32 similar samples on MalwareBazaar
TLSH	1A22C821A3D8433BCEBA0F3658B612500276F745D926CF6F2C48526D8D673A44A73FB6
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://onedrive.live.com/download?cid=72EF66C14DF86B76&resid=72EF66C14DF86B76%21174&authkey=ALCPCDSRBmZeJq8

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.CoinStealerNET.3.22463.22476.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Clipbanker

Status:

Malicious

First seen:

2020-04-07 19:36:54 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

20 of 31 (64.52%)

Threat level:

5/5

Verdict:

unknown

1de9da3a2c6effe9e9eae16a0d70fc19c633e479073f308a666665b0628e866b

1e5ae0cad52869f12ca373c2e29ab46758f723060291f611fd6e1512ac0480aa

2d0e112a742f88579d78f0a2feab230d56bc2d4e5c8b07ec4fa5ef45f482b11a

50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46

8cf30db30a532af1eda7d1107cd54bad004d85daacd73bf86cb440dc3e87e78a

baeafce74cc8a5c40bd2b6ba2e38312834e48f23f655cfae1d1ae8e78e375b84

c2bd51c9e593f313136de4d7f9179be2f9c35b54acf9aa51816d32a9c1cf7d65

d5981944f6c22372071e6086b7952be5a8bca3b4961030bea0ed4eacc8f6c096

e2a5f032f531b0dba4379de8da36ad1e5617d4b5630bfeeb1db7ca75cf976dcc

+ 22 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

28b4c1a2de4cd62e8c20ec7e4ac29dcdd1985f6bc3f6b258a6ed482ae1bc0178

exe 4457784cd62e015367ddc6a5a283b8065808ea05d483e04159624e7f5a94b1fc

(this sample)

Dropped by

MD5 9582f98094988cb23f9110a16e36a2af

Dropped by

MD5 12d9e89922f2c6186482ca43e3df50e6

Dropped by

GuLoader

Dropped by

SHA256 28b4c1a2de4cd62e8c20ec7e4ac29dcdd1985f6bc3f6b258a6ed482ae1bc0178

Dropped by

SHA256 a23891efe3e77982dfe010fb3a083b073d0da6d002daa2f55003f1789015dba7

URLhaus

https://urlhaus.abuse.ch/url/336249/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample