MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6385450e64d6549f53387a964a6f3a303be10a45de4bd51de26d917eedb04ebc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6385450e64d6549f53387a964a6f3a303be10a45de4bd51de26d917eedb04ebc
SHA3-384 hash: fea2e45bddf7d7fe86e8c19067a108182e5a23ddb30caf4df0603926e5700c81ff3701ecf1568dc98642f85ce5e79bad
SHA1 hash: cea9ddd2198555486eb58f300f6f101e38a423d8
MD5 hash: 220a187444d15555a918fe092a4c4fde
humanhash: steak-oscar-six-south
File name:6385450e64d6549f53387a964a6f3a303be10a45de4bd51de26d917eedb04ebc
Download: download sample
File size:884'736 bytes
First seen:2020-11-03 12:19:54 UTC
Last seen:2020-11-03 13:46:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:h7Cn5cjtkUkYhh132mzthXNFkBeZWmL9HvdKiskcTP8vRL:FfP8mH0IL91BsfW9
Threatray 7 similar samples on MalwareBazaar
TLSH AE15ADF76242D766C80F023FF84B25619394DF2EADF8924E46C5F21D137C2DA55AC0AA
Reporter madjack_red

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/82031/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.cc.7718.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/519124
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6385450e64d6549f53387a964a6f3a303be10a45de4bd51de26d917eedb04ebc/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-11-03 02:23:18 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mocukdte2zkj6uzypkleu3z2ga56ccsf3zf5khpcnwix53nqj26a._file
Verdict:
unknown
Similar samples:
2b289b1dc38fa9bbd5086bb53a41d36466f899df423df495ae8e7bfd9b06e846
4efd69650a6654537a07b5e0e329281da26ca7da81a8f8c1fbcfa535fec76c50
6014abff3f883feb405938f546265bc9d6fd5a0397778d10fbbcf7e7a04370af
6dcc42aad646c84eadd068ea14762f62a5d769a6e03b65a859edea2749902dce
a7e8c4d24e013f48bed29fb9a5f0d80c60be249862213e142c7feb47f07ac39e
b2a4c9e1fbafc010c19f17103ed3454b96fd23e047a6a03cb01ecdc9f026709e
bc9b84eb54f77520586d762c86fd649adbda2b6fc78590e25e134cebde038530
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201103-ttg655jwxs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
6385450e64d6549f53387a964a6f3a303be10a45de4bd51de26d917eedb04ebc
MD5 hash:
220a187444d15555a918fe092a4c4fde
SHA1 hash:
cea9ddd2198555486eb58f300f6f101e38a423d8
Link:
https://www.unpac.me/results/04aeff80-2c01-4e58-93aa-cfb871b73f24/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6385450e64d6549f53387a964a6f3a303be10a45de4bd51de26d917eedb04ebc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/82031/

Comments