MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55b8c931d255cef1b2541db94a1eea700b9849c253ca5b24f31aeaf272a276c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55b8c931d255cef1b2541db94a1eea700b9849c253ca5b24f31aeaf272a276c9
SHA3-384 hash: 69c13821263fff1b141d5c534a36bf4caaa123d6f3a1630b64bbb533218bfd7ae246b6b14f39c392a38a8502337a5aa1
SHA1 hash: 118580c111cd1d5da92c281647cb773d060dfb4b
MD5 hash: d335904e0fc1209cced63553bebb5203
humanhash: pasta-mirror-zebra-north
File name:SecuriteInfo.com.MSIL11.BQEP.16523.30026
Download: download sample
File size:536'064 bytes
First seen:2020-06-19 14:44:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'656 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 12288:kD3LAmOkOB8kL/utGjV6tJapnbFmy3PZUoyIGNOJiR:knGZGitGR
Threatray 855 similar samples on MalwareBazaar
TLSH 80B4A2343AFE5019F273EF759EE074DADA6FBA733707945E1081038A4A13A81DD9163A
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9611/
Detection(s):
SecuriteInfo.com.MSIL11.BQEP.16523.30026.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Revcode
Create hunting rule
Status:
Suspicious
First seen:
2017-07-26 16:26:35 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
35 of 47 (74.47%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
14885a4bfd76cdb49db108d03ce3a8c88c301c786eed577606aaacc49d673bfa
1d67a78a85100f6be1da61ddf1b8945d5e3c114a61e8ac505e7a18653633c1d2
3c03c5f80df2762d336347192bcb146bd837550b208bab90b0e81d481d7e3506
4cab1aacfb805a94301d5f14ff07c8a4c07cef2b81897c19fd35a04c5cfe2b68
4e49f8ed15a69e1147ae9428c9e5b4d4aa928769f261627abc059d2060e94a6b
6617979630def30c8a103baceedd1ddb972a53b984de91682aa93451faf833bb
726156ccca0ba0077df20db0e438db482c7197d69453b890332ed69a9e509352
7848e6e1c38a88fffa92f4ef02ecbf2ac332f2c12a42b04f6d0ac186ad815c21
801aff832240d9b440bcd8fb1244c03b328a91035a69de29ba8421b82e077ca3
d9073504ba97540b65006d851251f330bcfb130500daad9a7f8616cb5a6a9ba0
+ 845 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/201109-crpypm7qxn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops startup file
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_WebMonitor_RAT
Create hunting rule
Author:Florian Roth
Description:Detects WebMonitor RAT
Reference:https://researchcenter.paloaltonetworks.com/2018/04/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/
Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/
Rule name:win_vobfus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_webmonitor_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/9611/

Comments