MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46fa97ac4b2b9c3e87bb62cfd9a1030fc8f76957e6d418bce5b6f4bc97912da6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 46fa97ac4b2b9c3e87bb62cfd9a1030fc8f76957e6d418bce5b6f4bc97912da6
SHA3-384 hash: ff9ab53c8ed3f25a358d2a2faa7c0ba81fb67db6e4fc46459b211fbfc1e6829dca6d30bb67b9e91554b0c8e5e801f6fc
SHA1 hash: e342256d61cf62eef80369bccb74e20ee2034d1c
MD5 hash: 90c03f96215869afb9c8cadf6416b328
humanhash: finch-uncle-nebraska-music
File name: SecuriteInfo.com.Trojan.PWS.Siggen2.49759.22150.32122
File size: 187'392 bytes
First seen: 2020-06-05 10:35:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 3072:5KnTW2QcjVS3MRoEne9I2k5bgQX9CP6S/zZIIfEazz5K97U79:5oCM5MI2k9gQNe/9v9zO4
Threatray: 437 similar samples on MalwareBazaar
TLSH: 86049E103D29991BD89947B7C0F7B92D0376AD03A263C54A3E8E31E51B17BDF8405ADB
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 07:47:10 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 46fa97ac4b2b9c3e87bb62cfd9a1030fc8f76957e6d418bce5b6f4bc97912da6 (this sample)
Delivery method: Distributed via web download
