MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a5a22b508a778ce928a6e7ed3f25c30c4d57176334035a2354effa151e44e60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a5a22b508a778ce928a6e7ed3f25c30c4d57176334035a2354effa151e44e60
SHA3-384 hash: e852cf182d8a628f3042f13f8e1971b4e31959e4227f8c8fc9cc59d06b609aa1c8a52e4c570cc4baaedd0e4a7f762af5
SHA1 hash: 03f7c8249c2c36176bf9c81a5240f09f20748aef
MD5 hash: 7bfc00b51552d6795984835c99fc3d23
humanhash: north-finch-west-sad
File name:awator.net_nets__net.exe.malw
Download: download sample
File size:494'592 bytes
First seen:2020-03-18 18:24:43 UTC
Last seen:2020-03-18 18:28:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:Gv6o8/jMH4RZb0Ame/pwf+SOlQL6k6pHXBIuN/SiVakb5v3C:hMQS4U6k6lXTPz
Threatray 2'241 similar samples on MalwareBazaar
TLSH 93B4D0B13A83B44DC44D0A7B596215C0EB32D4C736ABCB0EA7D6063D1EC7A4E8F4596B
Reporter ov3rflow1
Tags:malw

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MSIL.Basic.1.Gen.15581.30256.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Basic
Create hunting rule
Status:
Malicious
First seen:
2018-12-17 19:40:20 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
32 of 45 (71.11%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0831d2ef7d75d3086cfea4f7fa8c0b0dd8d0d4bff400670dda898a7dd1ded392
1b8b4e62fb4118fc4f27c17d3a94d6d61a83cd6d11b224460d7f52b2a5f7c7d5
24f25d0bca087db5a6a5733171d3cee1fbcacdfcb00ef5b7bf79ad6fe362b069
317f3e79ff4110f5310f4722d429082ef957112fc16221b28c7e036a4b7f68f8
50e781f81383ec2a395e7cfc2e75acf89b97b1472530a5f6d6863e3b8d64fd2d
6cfae9fac2b59c2520f8911a66bd16899886170ff2a5f17f40161ac47f66b0ff
b9c1be5f81b9261b1bb68fb0f667a57721bd04b750427a9382844c42d18dba6e
c458849465e25bcdc935e8a2db439ecb9e3cc099cd31b0f510dc77fc0d6704cc
ca54dac8de04ef9b1f74a39470ae1f615ecbb9cd5eaa093c3d70d7d40576eb9a
ebb20ece00b9d35c26bb797dbbbd6df726473e198a53095cb232dc8042c18d7e
+ 2'231 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4a5a22b508a778ce928a6e7ed3f25c30c4d57176334035a2354effa151e44e60

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/186300/
  
URLhaus
https://urlhaus.abuse.ch/url/186330/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments