MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46ee7aa3a8e37caeafb8716ef015b48f5c319336e16c4772b7ddd50bd4e56bdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	46ee7aa3a8e37caeafb8716ef015b48f5c319336e16c4772b7ddd50bd4e56bdf
SHA3-384 hash:	71527c95731b55f424960e88e52203cd612de1976477fb920078f4350b22eb7b9d2419062bd0060f9deab3b48c7fe720
SHA1 hash:	a26ce1efd99583d50212bf3534b0eb6a34d717ec
MD5 hash:	a2495a53562b528603867a73f595b3b9
humanhash:	uranus-summer-kentucky-delaware
File name:	SecuriteInfo.com.Trojan.GenericKD.42989373.19121.18254
Download:	download sample
File size:	3'027'968 bytes
First seen:	2020-04-22 16:56:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c19c5a27cf193c3f49f1a5b91054e502 (3 x RemcosRAT, 3 x BanditStealer, 2 x AveMariaRAT)
ssdeep	49152:1gexNIseB0hzDSj7DjMN6HFdkDr4e39DtFC2WtLn3LiJa5kuvr1w+FF:1gevDa09DK7DjlldIEe3TQX7ik/r1w+F
Threatray	32 similar samples on MalwareBazaar
TLSH	25E5330A65B72324CA194A3F22491425B03D14E0EEF4A411CBA5F33B99F37962D5BDEF
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-6

SecuriteInfo.com.Trojan.GenericKD.42989373.19121.18254.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Windigo

Status:

Malicious

First seen:

2020-04-15 00:46:02 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Verdict:

malicious

33084be03513386911655bc80a549a8aec6f8cbeef78975c0f9ae486e68b1b31

34c2eed8a266d3b5221bb51f0b5a59712b01d0b339a1db8f626688cb8fb81030

40a340087cc07780bfd61eab92e40f1223a6de88ec191bdedea0b91b16eca2aa

5e00e50d04130b470825d6c1bd58542d32a0a4f52c4d6e6ff01ea1cfad8fce3e

8aec9a6d0849cb10d68adb2ac069a69cbd34b099d410ace5756563dcf52fd79a

ace15d620a4d8a32324351bd7405307873f7101f113a7e022ed9ec06ee1689b9

b61cf35c2b6ac8352598a823529fc2b72df2d0811d6266fdaa57404798f271e2

cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f

d5d368c9ba295ef4c36fe1e02452418d14f27512fe153c2f16f7384ca60b3db4

+ 22 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 46ee7aa3a8e37caeafb8716ef015b48f5c319336e16c4772b7ddd50bd4e56bdf

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/348061/

URLhaus

https://urlhaus.abuse.ch/url/348062/

URLhaus

https://urlhaus.abuse.ch/url/348067/

URLhaus

https://urlhaus.abuse.ch/url/348066/

URLhaus

https://urlhaus.abuse.ch/url/348169/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample