MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MegalodonHTTP


Vendor detections: 3



SHA256 hash: 630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad
SHA3-384 hash: 0ab16e6b2a44ce33fb61d073f3e9a2bb6a31bbaa8df598a494a24b04ffed7ad1b416194358684e86567f76055cd49c01
SHA1 hash: fc5ef4caf4d8a51a340f6fd98ac525debcff8f30
MD5 hash: 66a3124fe4ed45fae20e2bd4ee33c626
humanhash: happy-shade-fish-alpha
File name: 9051077.exe
Signature: MegalodonHTTP
File size: 285'184 bytes
First seen: 2020-03-22 07:44:04 UTC
Last seen: 2020-03-23 18:58:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 6144:sU0sd0bzy1GOgofaePZ3e5fv+vc6X+olz:XzHGOgovPwcXbl
Threatray: 487 similar samples on MalwareBazaar
TLSH: B454BF8095BD58EDEFFE0E3D6CB6C519C0D62A212E5BB74BB40D00C919052B529BAFDC
Reporter: JoulK
Tags: exe Lucifer MegalodonHTTP

Intelligence


File Origin
# of uploads: 4
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-03-21 02:32:37 UTC
File Type: PE (.Net Exe)
Extracted files: 2
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MegalodonHTTP

Executable exe 630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad

(this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                          Title                                                    Severity
CHECK_AUTHENTICODE          Missing Authenticode                                     high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (HIGH_ENTROPY_VA)   high
