MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5880734f092220f1502fba1ec1ba45572e8b84715cba0dbf9cc947ba9e7d2670. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5880734f092220f1502fba1ec1ba45572e8b84715cba0dbf9cc947ba9e7d2670
SHA3-384 hash: bfd7fd9b6726653fbc97b9329109a0fc71821875de07d1078e0688cac6329bb07f0116dfdb4ccf60d13260010b14ff62
SHA1 hash: bb5ecce074db77549f94f5ee474d3e1b9d49d755
MD5 hash: ae5b01b53c318c2fa988430dfddf0400
humanhash: california-potato-alpha-butter
File name:NetworkBrowser.exe
Download: download sample
File size:24'576 bytes
First seen:2021-05-07 04:51:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 384:4jcCjcAaQ4GeuVQiXXddhUykdLToE6Y7vcR60tSIUiJskvwKwq6uKJhTqFSJhTq7:IcecAaQ4GeupnupBz6L6sUiJAJLJG
Threatray 17 similar samples on MalwareBazaar
TLSH 59B27C1163A8D773C8BD2A768D7311554BF2EB089861DF5EAEC5A1CD88E3B240300F93
Reporter starsSk87264403

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://sweaty.dk/NetworkBrowser.exe
Verdict:
No threats detected
Analysis date:
2020-12-30 14:12:50 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/37234993-1bd8-42dc-84e1-9f8b07b5f6e8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/152392/
Detection(s):
SecuriteInfo.com.Generic.MSIL.DownloaderB.10BEF32B.27312.23789.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/715521
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5880734f092220f1502fba1ec1ba45572e8b84715cba0dbf9cc947ba9e7d2670/
Threat name:
ByteCode-MSIL.Downloader.Tnega
Create hunting rule
Status:
Malicious
First seen:
2018-04-03 22:59:00 UTC
AV detection:
23 of 47 (48.94%)
Threat level:
  3/5
Verdict:
suspicious
Similar samples:
22c77b873f0fb566c2d776f77f3918f6e3882913cdcce61beca7d7e64f3a302d
240e2d80f222da0d58f7b39ddd42d5cef48b531db9789fc15b9b10c6eaee1c17
30faa3175ec4ab520f8a730b7a047fd410ce3b82f86b5d3e881e31044a7a381f
47f2a6b70dc653d3d52c80f357088cac6c373778f1445820f369fe088b1a8c42
503cec3d1e7545f610736aa3ee4473b3e0f28ee2bd80b682e8d8f687c2410008
7877200f3f382801e8f65f786bd6d0fb44da6e8c55d52876cdb5a513ecd56829
8eda0cfb1d7c9c7fcd2e52e8cb708257d1d318b4bcb14310f63281fe0faf0e63
935faf22f44af34fc970f49b16d29cb336918c121c3ca2c7bd3a1cf89dc642d1
a0b4611fde48b7a3ae05cc87251f47f34f3b837bc0402f86ec05cfc1edadc13f
b410024210388217aafb574bbe5a23efaae6ab2e5582b8ce0e8f77cfce1c5a40
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210507-fm59cpsyya/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
5880734f092220f1502fba1ec1ba45572e8b84715cba0dbf9cc947ba9e7d2670
MD5 hash:
ae5b01b53c318c2fa988430dfddf0400
SHA1 hash:
bb5ecce074db77549f94f5ee474d3e1b9d49d755
Link:
https://www.unpac.me/results/cd8de88f-80c1-4a29-bde1-e4e32ba96713/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tnega
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5880734f092220f1502fba1ec1ba45572e8b84715cba0dbf9cc947ba9e7d2670

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5880734f092220f1502fba1ec1ba45572e8b84715cba0dbf9cc947ba9e7d2670

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/190636/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/152392/

Comments