MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5440e3ba334553d5264329b32eaab06d2bd91e4dc69b83968723d2abcc1bb3de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 5440e3ba334553d5264329b32eaab06d2bd91e4dc69b83968723d2abcc1bb3de
SHA3-384 hash: 86be10dd195997e6ad113d023cbcbb68403b7d2d075aa85a4900c058b359d5c7c76054b09431729b0ee2ed6b1aea55d8
SHA1 hash: 345ee13efcd5922a1a84d30454c2bf29b35541f3
MD5 hash: 90ed4d61ae8315591b57982fbe73d067
humanhash: rugby-oranges-utah-island
File name: 5440e3ba334553d5264329b32eaab06d2bd91e4dc69b83968723d2abcc1bb3de
File size: 414'720 bytes
First seen: 2020-03-23 18:57:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 6144:1bVL0nt7DmqFy4Or4rQgg5s8iLZ11zu47MDdW/DDPgvqThU:1tu+r4rQYZZu4/DDPgS9
Threatray: 4'852 similar samples on MalwareBazaar
TLSH: B894CF0377558A83E715B1BE42D9E6402758E1C3D751829E7E9F8219AD832CF3F0EE89
Reporter: Marco_Ramilli
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Injector
Status: Malicious
First seen: 2020-02-15 01:58:42 UTC
File Type: PE (.Net Exe)
Extracted files: 3
AV detection: 26 of 30 (86.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 5440e3ba334553d5264329b32eaab06d2bd91e4dc69b83968723d2abcc1bb3de (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
