MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 519fc2007f744abcb7a7b2d6b255670ca232662182897d2312fcf1480879e7c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 519fc2007f744abcb7a7b2d6b255670ca232662182897d2312fcf1480879e7c5
SHA3-384 hash: 4e096c742b6bad98f69b18a0aaec3e4d83e166393d0b86cf9d7b28dc9506d3187b84c763e32c7c01053096c694553e0c
SHA1 hash: 719d433f928ccfa0b5c554587fd17e1a70485fd4
MD5 hash: cfc7eec10a72d743ba86e1f9f661629e
humanhash: washington-wisconsin-mango-alpha
File name:SecuriteInfo.com.Trojan.Siggen9.43526.25091.15754
Download: download sample
File size:357'888 bytes
First seen:2020-05-01 05:38:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:j0ax98A23W+9iAsPz0HckhoWNcGZT/J4plprvD0yaxzz1mw:jI37870BoWN99/eplOh
Threatray 29 similar samples on MalwareBazaar
TLSH 4274F112AB38072BCDBE17BA91B26714937697C67841E32E4ECD70C12DC7B2B55A03C6
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Heur.28851.32315.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 16:14:26 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0af44b9553823391f942810e491b2160386c70982d0ee3e5ab745ae161f7572d
1da6d8cdbcbc126bb0e5f21e8e4678fccd0e5ada916a304ba48c473a3e674666
1dc7b9bc7fc4e17e45e76dfb99d0106802a503fcadbe1669a0fff3499a55eade
274402fb25f2eef022a8c983908731a36aeddfe2f547057ea6c2e172a8523891
48fce5283ce4cc7338411ae3d2b3d4c9dbd6d522f2f8ccfc63c2705e007364fe
689fb0d1419bb3010bb280fcb9124931cf780afeceb1f2c455d146c40bbeb4a1
7af2440f0716f18f1d20faee99d68c25bc6e4a3eff067e759d2167aa5211221c
c599667585688c32aa84ecbdad1a01e93e4a92beeab76c48f1f415234ce26b6c
d36325c4e5d94107b550c1bea0edb4f5e6854f83ee11294685a337af71683f6a
f950a2dbbe8645cddceca51c978326425e9aaf7c1b59bab68b69ca2f649560be
+ 19 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 519fc2007f744abcb7a7b2d6b255670ca232662182897d2312fcf1480879e7c5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/355293/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments