MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e21a5f0f7de102fe191d59b5093f691a61b5d3cab0df1d023efa3693536b4dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e21a5f0f7de102fe191d59b5093f691a61b5d3cab0df1d023efa3693536b4dd
SHA3-384 hash: df00e0d3843e249c964f807c5108d1a471b357d56a72a82ffd123d46e54e83ff5d6297bfe87028e5fb1adf57adbc9b30
SHA1 hash: 4ea647b9f88353581b7c45e33a992c8226046bba
MD5 hash: edeefcbb3347fe30dbaa8be4ceed6203
humanhash: eighteen-nevada-hawaii-juliet
File name:FivemSpoofer.exe
Download: download sample
File size:298'496 bytes
First seen:2020-04-08 22:10:44 UTC
Last seen:2020-04-08 22:35:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:QxBbsHnBpwTL1Zev1XK7FHTPt88888o888e8c88888888888888888888888888i:QxKHnBpwP1Q67FzPt88888o888e8c88W
Threatray 22 similar samples on MalwareBazaar
TLSH 53543BAC76A471CEC8BBC672D9E81C70EA72787A631B824B901715DD9E0D987CF101B7
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.718268.16561.13312.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Antiwd
Create hunting rule
Status:
Malicious
First seen:
2020-04-08 22:10:31 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0e6e7faa39d1dd3275faa5ffd294be11de0b363f16c5d29678800e8fde186d67
12b62af6539e46350a256cc22d72b17b2d005507ff7332390da2fc2ebe159bb1
28195c3bd4e3cb4acfa7133f125c7764b7896757bee00b61a4b019c2aba0ac3d
3ec51daa2ad133cfcdce1ffca7081f96ee58d9b5c2d302cee732e6e2cc3d8cc6
52c75df3543c463db5b76675707d5969efe89d763cfe7a5567479b3313a16234
5605f8e6000402125426e6f6dabd257cf299aa6b179b9ebde2db059aa19e5d12
c6a810bf84ea3fd17a282d2a10bec7811c79ff751d5dbcf9eb84cff95f1fd5ba
ccfb3375ab05225fa22bce51864a9fcdfa3b73d09a207c10a6f60b23dd05661a
d59f4326de544446fc05984fc4ed5d1b2bd32cbeecaad97474af2ac24befeb67
d68a5a2bf92f0f08b8eb6f39351462f81d65d54085c1c7ae3aa81b2d3018434e
+ 12 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments