MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60cbcdb415e08196418d8b319e4bd3e186ee78639363c5c1c92b0f73637dd581. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60cbcdb415e08196418d8b319e4bd3e186ee78639363c5c1c92b0f73637dd581
SHA3-384 hash: f24dbb27f09a9ce416fd5604e2f628d334528e829e8c15ce42d91046da696b26b6bcfef37587ec2fc00badf5f01c32a1
SHA1 hash: 13c7ff1447282e38c0ed06c70b6c411cd542940a
MD5 hash: 0bf536e9ee7b4d8b55e9167bbc2f0a6e
humanhash: december-monkey-may-steak
File name:60cbcdb415e08196418d8b319e4bd3e186ee78639363c5c1c92b0f73637dd581
Download: download sample
File size:946'456 bytes
First seen:2020-11-16 10:49:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:3o7G3JzwTVcGQF5WiP+frj6uljOt8lR4HANV/yKA15l:AG6TVcT5qrjBjOiqgNV/y51P
Threatray 2 similar samples on MalwareBazaar
TLSH D0156B66A988EB47C0E60531E58DA98141107BDC47B6F10A9E48B3FE91F6B97C3DD2C3
Reporter JAMESWT_WT
Tags:Foxstyle LLC signed

Code Signing Certificate

Organisation:Foxstyle LLC
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Aug 17 00:00:00 2020 GMT
Valid to:Aug 17 23:59:59 2021 GMT
Serial number: 32FBF8CFA43DCA3F85EFABE96DFEFA49
Intelligence: 7 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:SHA256
Thumbprint: 30EB03CEA734157E43F44A048D144CF8DB38FBE310F986C9F46373F83801F3B5
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.29179.17710.30912.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/537517
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60cbcdb415e08196418d8b319e4bd3e186ee78639363c5c1c92b0f73637dd581/
Threat name:
Win32.Trojan.Sudloader
Create hunting rule
Status:
Malicious
First seen:
2020-11-16 10:45:21 UTC
File Type:
PE (.Net Exe)
Extracted files:
41
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0b639fef11b10b1b8c0bcf71e0030ef94ed4f09f4797447eef43c8a1a5707668
4ccf916fe0d3173dc9e6da3de749b437ff651b13bc32bf0538c29fc30c594a8d
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201116-gcgrwgpwg2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
60cbcdb415e08196418d8b319e4bd3e186ee78639363c5c1c92b0f73637dd581
MD5 hash:
0bf536e9ee7b4d8b55e9167bbc2f0a6e
SHA1 hash:
13c7ff1447282e38c0ed06c70b6c411cd542940a
Link:
https://www.unpac.me/results/47690712-f9b5-4fb9-81b4-81a3886715ac/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments