MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4893bcf8553f34fcbd61f3da087f9e9ed9f8f0ec50d9a121859316642e055524. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4893bcf8553f34fcbd61f3da087f9e9ed9f8f0ec50d9a121859316642e055524
SHA3-384 hash: 40184b582192af1d3d38732268de4d826d204617a2dd091e4c8809bb671f35d82e712485989fb2aaa4cf58c7d18a828c
SHA1 hash: 1d8fe3d8aaf6fd72a2751d032069a39ea2444c07
MD5 hash: 226bae8beeb2ba60f0722a69666bfc7d
humanhash: eleven-mango-don-emma
File name:4893bcf8553f34fcbd61f3da087f9e9ed9f8f0ec50d9a121859316642e055524
Download: download sample
File size:1'017'344 bytes
First seen:2020-11-07 17:17:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 24576:g+fgKj14w1jmgztwmfwsDZJ5FmaiDR9pPr:a+1cgza8Fmaix
Threatray 76 similar samples on MalwareBazaar
TLSH 292527201646DA18F1BA33F7846744F0A7F9BC03BE61D5AE79A4348A4568BD38F1371E
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
51
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4893bcf8553f34fcbd61f3da087f9e9ed9f8f0ec50d9a121859316642e055524/
Threat name:
ByteCode-MSIL.Trojan.Heracles
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 17:22:14 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
03f5b9544b3bb2db290e54dfe203f425374d973ac225df52a7cb29adc7998726
287597fcffd11298b757ac806606000d8dd4c3c2641891c1932a1e76348d9922
2ac56457e5dfd887f318ab16bbc8fa9711095b8cb4cae99f5a34358c9a8502f0
608d70c1cb35d04fa09469743651ee50e859d9ea016f7492bc53008de310deb7
69b99d16f072c6ab2687da255681f3f1c3a97746bfe516b206644a5056a99425
867ec49152a23a8e5ea628a48ec1810db588a716b922e6d1c8e7c45116908d24
a362c422dd9a2c24a7cc96dc14244742d24274b78da4b0a27157ac9e7c38b04a
c1db0bc7089675799a66c321a0401a402b94e0d455037b0cbd76e54188de43c8
c5bfbac52396976e672116e5fb07d6cae05d2b07b749d08283a26bcf29677dbe
ef93be06b93e89bc68dd92ca713f40e320a654c49a241a6884785acf964b8ba9
+ 66 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201108-4esdmaqc6j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
4893bcf8553f34fcbd61f3da087f9e9ed9f8f0ec50d9a121859316642e055524
MD5 hash:
226bae8beeb2ba60f0722a69666bfc7d
SHA1 hash:
1d8fe3d8aaf6fd72a2751d032069a39ea2444c07
Link:
https://www.unpac.me/results/d3542633-8913-4e68-b067-97702d5c32fb/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments