MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a20315c32570c86ad274f03132ffb82c2b4e57efd19d7ae7ab82f0f80e953e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	5a20315c32570c86ad274f03132ffb82c2b4e57efd19d7ae7ab82f0f80e953e1
SHA3-384 hash:	794df655ba80d1acb0ef6ac6a00d3fae1acf43cee2729cda552b10e4aa1f34256fa3aa1db02e48cab6870d575355146e
SHA1 hash:	d9579476593ecbf8ab8067e4ae218cb6dd662c6c
MD5 hash:	bffe78e89d4b76000e938eadc56367bd
humanhash:	wisconsin-march-kentucky-echo
File name:	bffe78e89d4b76000e938eadc56367bd.exe
Download:	download sample
File size:	3'497'905 bytes
First seen:	2022-02-07 08:22:30 UTC
Last seen:	2022-02-07 09:54:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c284fa365c4442728ac859c0f9ed4dc5 (94 x RedLineStealer, 10 x RaccoonStealer, 8 x CoinMiner)
ssdeep	98304:JuL4sBIrcnajzfqMFXOOfaYHNJr/Wuw50v:K4+IIUfRFxi2NtWu40v
Threatray	1'201 similar samples on MalwareBazaar
TLSH	T192F533E2B7846B11D14CC3FF35820219EA59C7D827186AE6F3D40703E9938BA86576DF
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

120

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/234134/

Detection(s):

PUA.Win.Packer.Asprotect-3

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

DNS request

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/6200d6edaccdde96b5e469bd/reports/91d35f92-98a1-488f-a6dc-7ebf28bf06dc/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8847d139-da50-4928-a97b-ce68c129577c

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/934970

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

PE file has nameless sections

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5a20315c32570c86ad274f03132ffb82c2b4e57efd19d7ae7ab82f0f80e953e1/

Threat name:

ByteCode-MSIL.Infostealer.Convagent

Status:

Malicious

First seen:

2022-02-07 05:00:40 UTC

File Type:

PE (Exe)

Extracted files:

1

AV detection:

28 of 43 (65.12%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

1ccc0af2e57d00c53b91e8e191a9a3ce4692c87c4ae8a00035323c840f921708

201d999e93250a40e6786d6c40a914385e731d80ae4b12ca622beb119f42ec39

25cd127b9d559d6754269ecc116d35be66aca027640bcd71a836567c32b946c5

353e8efbfa1586ae7dc457b6840459fb64ec0df10387154d18e7adbc8a3133f5

364caf6fd9b89ebe54e6e6f295f3c9e458dee4d382f16967b9cef4883cc3864f

957ed2e3e12649457ccc30d7c67b31d3362460c9aa1b38208c522959e779610b

aa5d64ea27f3815042af53f0bc229a7c8dd1f3cd090c1e21eae2a016136f20b8

dfe45f63b7f1386ba1351bbb6fb52ab1988f36d227c82903c26da3ce98c43e72

f04284c48276af9850bc4123e255b1eb8f6c146114ace5ff76ed38bba059ebe8

+ 1'191 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220207-j951nshhf9/

Unpacked files

SH256 hash:

5a20315c32570c86ad274f03132ffb82c2b4e57efd19d7ae7ab82f0f80e953e1

MD5 hash:

bffe78e89d4b76000e938eadc56367bd

SHA1 hash:

d9579476593ecbf8ab8067e4ae218cb6dd662c6c

Link:

https://www.unpac.me/results/cc9679ba-2f93-423d-b823-f5806c26d9a6/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5a20315c32570c86ad274f03132ffb82c2b4e57efd19d7ae7ab82f0f80e953e1

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1992538/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/234134/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample