MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d02a7969e34cdedb37997496c951b9e37f40eb8228deef6e436a3781ce00966. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d02a7969e34cdedb37997496c951b9e37f40eb8228deef6e436a3781ce00966
SHA3-384 hash: 7fdc37510b40d61373e021db730a8715b70f3aa5f07cc18c1633941eb986fc87049eeb228d8da89e6d9c24a1ea51bd22
SHA1 hash: b8d597a104dd64cd862ca24a017b021cef11cee0
MD5 hash: 2d2fe787b2728332341166938a25fa26
humanhash: white-item-seven-nevada
File name:SecuriteInfo.com.Trojan.Autoruns.GenericKDS.33668003.10524.137
Download: download sample
File size:968'192 bytes
First seen:2020-04-15 20:49:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'659 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:gitWtzyqUeoKQ74qzfhVJ0lL01kKWqzUPSjozPNGryl5M:g9tzDUeoppwGZUqjoz4ryl
Threatray 3 similar samples on MalwareBazaar
TLSH A925230D3246C5A2F88A43B90B7A870B1965A8572643D2473BF1B2758B3DBC3C95BDC6
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4439/
Detection(s):
SecuriteInfo.com.Trojan.Autoruns.GenericKDS.33668003.10524.137.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injects
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 00:55:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
16
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
46ee7aa3a8e37caeafb8716ef015b48f5c319336e16c4772b7ddd50bd4e56bdf
7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76
96e3dab826ca6a894973bdb308ce141be90e043efb7d3c707d8e09b35453e699
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4d02a7969e34cdedb37997496c951b9e37f40eb8228deef6e436a3781ce00966

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/340849/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/4439/
Cape
Cape
https://www.capesandbox.com/analysis/4436/
Cape
Cape
https://www.capesandbox.com/analysis/1283/
Cape
Cape
https://www.capesandbox.com/analysis/1282/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments