MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48edb0e5345e6c24cfdc71ad8dbb8f2cc9042101d805c234a286537b6f90fdd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48edb0e5345e6c24cfdc71ad8dbb8f2cc9042101d805c234a286537b6f90fdd6
SHA3-384 hash: 6a5b4500d62384f888006ccf72d7941155b0679ad84586201c929114074a8fc8790505d9bf5fa7850a1c98268b40fe5b
SHA1 hash: ecab6bc60d3e0183d85bd8e7fe6b9e86cc9cc5f1
MD5 hash: 036a85f75f33fd85f7b78ce13a3493cb
humanhash: spring-harry-single-table
File name:SecuriteInfo.com.Trojan.GenericKD.45225706.11669.11256
Download: download sample
File size:369'664 bytes
First seen:2020-12-29 12:48:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'753 x AgentTesla, 19'658 x Formbook, 12'249 x SnakeKeylogger)
ssdeep 6144:kWIiyUsUWbMq2TPZEUP/6ZjSkrMs+jAD/+V8XyfWPJ:kWIiwwq25nqSds+jg/4WP
Threatray 348 similar samples on MalwareBazaar
TLSH EB7409117660C644F0EF6BBDDDD9996809FCEC461300E36BAFA1374A4B41E23FD119AA
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
165
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Quotation Ref6322299.doc
Verdict:
Malicious activity
Analysis date:
2020-12-29 08:58:07 UTC
Tags:
ole-embedded trojan exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/b7987691-43b8-4b7a-9e24-e2f341ff2bce

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/109769/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45225706.11669.11256.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
DNS request
Sending an HTTP GET request
Creating a file in the %temp% directory
Deleting a recently created file
Creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/571411
Signature
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48edb0e5345e6c24cfdc71ad8dbb8f2cc9042101d805c234a286537b6f90fdd6/
Threat name:
ByteCode-MSIL.Downloader.Starpast
Create hunting rule
Status:
Malicious
First seen:
2020-12-28 00:07:00 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  3/5
Verdict:
malicious
Similar samples:
0ef7c8a77977cad0c01973b63c83892ff04d3da86ecf5e6bf1f2427361923864
5b52beb61f01acce45442d85adcc909eabc07d87fc006d35c9e37f5d8b69d2c2
823f72e280224715e6d4f7fff1f792d2c372d7633eab250f2308325eff114c18
93b54f00313eead297d3e2d93c4f84d023f862e524509dd31cd5bf58dfcd0631
9930543939f97818319ed031530d9e084994331aa4b06a304faeb321bbcc63db
a4273258f20011ca2466a27ca652b8cb2febf6ef5cfea22c608cd17be702834e
adbdc4cbb6b8805700fcfd618e763872f6960f5989a62c9cdffc961d9b0f3e39
e2ee2925682e188e41fcdf49f0274de4617fc3a9506ad31be7a9caeca6d21b38
f10109e2e93cc1b099adc1aee4e8306dc1e43baa4bfa7f2a7ff657611e12fb08
fcdececb42372d5ae1a1a1d367046476f916624878980498984983f00add62ad
+ 338 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201229-zelm6kwk4e/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Unpacked files
SH256 hash:
48edb0e5345e6c24cfdc71ad8dbb8f2cc9042101d805c234a286537b6f90fdd6
MD5 hash:
036a85f75f33fd85f7b78ce13a3493cb
SHA1 hash:
ecab6bc60d3e0183d85bd8e7fe6b9e86cc9cc5f1
Link:
https://www.unpac.me/results/524248c0-5ccb-4212-ad75-0061701c2a59/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/48edb0e5345e6c24cfdc71ad8dbb8f2cc9042101d805c234a286537b6f90fdd6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 48edb0e5345e6c24cfdc71ad8dbb8f2cc9042101d805c234a286537b6f90fdd6

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/109769/
  
URLhaus
https://urlhaus.abuse.ch/url/944362/
  
Delivery method
Distributed via web download

Comments