MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5eeeae5aa5d31a7ee09a0bf20995c6b52cb73ea634a563c2220dc7bc3444a60d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5eeeae5aa5d31a7ee09a0bf20995c6b52cb73ea634a563c2220dc7bc3444a60d
SHA3-384 hash: c0e3fc6d625d84e1486e8646a0667edfa509df11923e33718c19e51750efda2f493eba1189fff45cab5083beefdc97db
SHA1 hash: f6198273e4928b4f8f8cf2fb667d464ef72f5f8e
MD5 hash: 712a51601b8ce52872beb3912f592735
humanhash: green-juliet-diet-mobile
File name:#Agent csrss.bin
Download: download sample
File size:624'592 bytes
First seen:2021-09-08 12:10:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dab6c2a49e12e0ccebebbc08cd1879cf
ssdeep 12288:mjPK2wTNi0/gGc8mbEqHnSyUxqIwCWCUsn0rlRDH3noVf:m7TwT9DcfbvSzwq+13oB
Threatray 4 similar samples on MalwareBazaar
TLSH T163D46D26B3A24433DC631A3D4D2B93949D29BD513E34DDEA3BF42E4C5E396813939293
dhash icon 0c0c0c0c2c2c2c2c (4 x TrickBot)
Reporter KodaES
Tags:agent exe TransparentTribe


Avatar
KodaES
https://app.any.run/tasks/41c64dde-acfb-423a-8036-fa2c57e0943e#
https://www.virustotal.com/gui/file/5eeeae5aa5d31a7ee09a0bf20995c6b52cb73ea634a563c2220dc7bc3444a60d

Intelligence

File Origin
# of uploads :
1
# of downloads :
175
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Dropper.Script.doc
Verdict:
Malicious activity
Analysis date:
2021-09-08 11:53:17 UTC
Tags:
macros macros-on-open
Link:
https://app.any.run/tasks/41c64dde-acfb-423a-8036-fa2c57e0943e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186339/
Detection(s):
PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a UDP request
Connection attempt
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/19cf0989-116b-4946-9876-15fca0d01477
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/847369
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect sleep reduction / modifications
Creates multiple autostart registry keys
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5eeeae5aa5d31a7ee09a0bf20995c6b52cb73ea634a563c2220dc7bc3444a60d/
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2021-07-05 16:58:52 UTC
AV detection:
20 of 27 (74.07%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
06e0e3da562a627b84f328a76d70b62326e2b5a82fd28bf943b6d3dfd1f26cb7
204b5f6085ac0a3082590aa0518074cb2e7fa9ebb6ccb4106cbf57588453104e
3f3db971f1d2721ac273e60fb9b0e172bb635f8f5e7889eaf9fc59d61edd5ddc
ff8dd2511c1721a535a31eb7e8c4f813ba114a2ec963f4b85f8808fa99d47422
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery persistence
Link:
https://tria.ge/reports/210908-pcnm1shfbp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Adds Run key to start application
Checks installed software on the system
Unpacked files
SH256 hash:
5eeeae5aa5d31a7ee09a0bf20995c6b52cb73ea634a563c2220dc7bc3444a60d
MD5 hash:
712a51601b8ce52872beb3912f592735
SHA1 hash:
f6198273e4928b4f8f8cf2fb667d464ef72f5f8e
Link:
https://www.unpac.me/results/f07b57ca-1a48-4422-a5e4-df844c3a50f4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5eeeae5aa5d31a7ee09a0bf20995c6b52cb73ea634a563c2220dc7bc3444a60d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/186339/

Comments