MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45d57d40dbdce9a45e7956aebb11846276cc1228862c64b861567d3978748803. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 45d57d40dbdce9a45e7956aebb11846276cc1228862c64b861567d3978748803
SHA3-384 hash: 9fabd3b7f90c208171d25eac359af35c13767b210c95047780de3e89ff50db61b39070e35459b1dd784c36e75f8aa6af
SHA1 hash: 10afe5e0274423f79b20b24cfe22b7b1ecfd23cd
MD5 hash: cbe1211c8d74ac3d4026daa41db09904
humanhash: uniform-moon-winner-white
File name: cbe1211c8d74ac3d4026daa41db09904.exe
File size: 45'584 bytes
First seen: 2020-09-15 14:46:00 UTC
Last seen: 2020-09-15 15:39:13 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 768:V+N1j1UFPd2AYxRd1N1r+X7/AC07AkLn2pvaIUspZTlSlKXriXiRmiU:Uj1Gd2AYXd1P+XUC07AkLn2pvaIUsdwB
Threatray: 2 similar samples on MalwareBazaar
TLSH: 6F23E7A3074E9DA7C6CB1330B94612A31D60810B137F2D7276E15FB12A67A86D377B1B
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name: Unknown
Detection: malicious
Classification: troj
Score: 60 / 100
Signature
Binary contains a suspicious time stamp
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: ByteCode-MSIL.Infostealer.Stelega
Status: Malicious
First seen: 2020-09-15 12:40:38 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 45d57d40dbdce9a45e7956aebb11846276cc1228862c64b861567d3978748803 (this sample)

Delivery method: Distributed via web download
