MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 480da52f82cc26aaa41110aaae13981b2c635fe5ad775224860af5124d03d076. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 480da52f82cc26aaa41110aaae13981b2c635fe5ad775224860af5124d03d076
SHA3-384 hash: 474142f16f3ea5627500592a7bbedbe39cefd6a173f0550dcede420085824a126ca66992f29054d1606744b3f76082af
SHA1 hash: 2f4e7ace40821fa1960caaab78dbbd0f91f66ccb
MD5 hash: 1d3058b532526e1884529a6ab38b0655
humanhash: august-delaware-happy-march
File name: SecuriteInfo.com.Artemis.22347
File size: 530'432 bytes
First seen: 2020-05-01 09:47:19 UTC
Last seen: 2020-05-01 10:50:21 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 3072:5lJYe3MODtAgCtmCbqnreY8iZgmZTDCoShZUxsL5h3E4O:5LYe3MODRCtsreY8ggmtWth+xKFE4
TLSH: 31B4CF213B91CC51C595263D4D65D6B99212BD6ADD39820B36D23FCF3BBA242CA03F39
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 2
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Noon
Status: Malicious
First seen: 2020-05-01 00:55:23 UTC
File Type: PE (.Net Exe)
Extracted files: 16
AV detection: 25 of 30 (83.33%)
Threat level: 5/5
Verdict: unknown
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 480da52f82cc26aaa41110aaae13981b2c635fe5ad775224860af5124d03d076 (this sample)
Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
