MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc
SHA3-384 hash: d6bda3231f5ff262305f842956e86e51b58438364e9c3d71b438fc9cd453f73ad8361568fd71d904793a5aee8fde253a
SHA1 hash: 5fe12960dc7feed7418d14092e4b72bdeb7379cc
MD5 hash: d356b7f8cc0671a31d36cd4677331116
humanhash: floor-high-arkansas-minnesota
File name:SecuriteInfo.com.Trojan.Siggen9.41902.17782.20889
Download: download sample
File size:8'192 bytes
First seen:2020-04-30 01:07:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 192:oPM2dCdkJEAlyuDEwq9LaB+M6Hg432sDE:oPWyqcyuDEwq9LaRfsA
Threatray 347 similar samples on MalwareBazaar
TLSH B9F1F811BBC88735C9DB8B7984F383109778E3299916CF5D5CC0125EBDB17648BA36E8
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.41902.17782.20889.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Downloader.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 13:33:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0dea8bae5ab19f84a596f05732d91b60a1fa93cae6dfbbc1166d127c3e2834a0
20c92a8fbd7ef9b25f61e93b0bb0c31f95040185aab9965141fbde99c47ea46d
251c55b7c7c02eec9a87eca94bb01f653317ef5d8278aeb2b511194d7057a675
38701fe4b63d1436ba2e26cc7e268327299b58bcccbf074bfb2cbbcf57ceb2ea
4aebd2918942c4d01076cd9cb47402c5b8c61e14e86a397488d1abc2e444d626
642ecc0813761138cff276fdece24e479604dbc7c012a2a168d018330e1905e5
701e2cddd4d1628c01c3ce13a20b5414726995565377e6ddc3133d1245a88cb4
cd8770808daf4f97a339438001f0ac7dab0853feb07134e6f7bb2fc3db9581c0
d35f40a630b2e4b24ec76c354e1e66d927afe339aaba45ff3c750ed52193c910
e7fa1cf008969a70a894b2947737b69c26abb63378d9d4305b698b223793029f
+ 337 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/354288/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments