MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cb6cccdd4778a7389b5d832644a6086377d410023b64f348edcdec9b583caca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6cb6cccdd4778a7389b5d832644a6086377d410023b64f348edcdec9b583caca
SHA3-384 hash: b1b1e7de8744c6f577a4c73f606c00fddc01542f2c3a6fdc80671ac0c0d4a35d25df52c553038349b5b143861766f57f
SHA1 hash: 9d4f7e6e2d01a0b7ece1fc7484f2760c7b7677c2
MD5 hash: 99bfcdcc14a7fe0cd9cf022067da3588
humanhash: maine-california-uncle-kitten
File name:Order List.exe
Download: download sample
File size:309'248 bytes
First seen:2020-04-21 10:00:27 UTC
Last seen:2020-04-21 11:06:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:rLuuAS8NmLhRxS82aRVVPc4UXtYgekGHRXz:ngmLhy826Epm3RX
Threatray 121 similar samples on MalwareBazaar
TLSH F264DF80D5FF82E2F6AD1BFF87A5340AC49414A76AB1DD29A3F8B56D331762D443284C
Reporter cocaman
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.47753.10593.13877.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 11:26:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ns3mztouo6fhhcnv3azgistaqy3x2qiaeo3e6neo3tpmtnmdzlfa._file
Verdict:
unknown
Similar samples:
00e8d6de1e2450594b8e61c5f8ce0b7c0b0aff075e72e79b7be035203511abbb
1edff6ac1fc9753c98131da30896ed4d4e79770cbc798d5f4127c3dfc0eae773
3c87e9b118d4458f7d5255729dbc0a4d591b6455fdb2947d090d2651c98a50de
433e1ee086994d93024a91489e38956f763560211233565b0583e411c7cb071f
4b03b64bf84ef8f07e2977443d0df10bf847ae07da746c1a86518133757c3257
4f71d24c6a9ae3d4dc210d34e9b8e49f12b88f7f8cdccfe927873225887bf1a0
5d4a0b8b4924e2095d4f5a9a222c373544f51ab56b52d0f02b468bd9a6dd1672
825877592952d24e2e6bbbde94795ac3b3b8ef57713fd7a2d3f1a50dc70f7e98
c0faf5cdc6fdb3b78ca2588f1be8de420c539e6cfb29a60a21f558d74616a27a
e40357d04bce0f7e2ad38d7cbac842105e9f509f0cb2e1f74d154ad87850849a
+ 111 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

arj 397efebfb36a3b0263bd407e439cdd2eeecce77fc27d5fcd70012617a861de0f

Executable exe 6cb6cccdd4778a7389b5d832644a6086377d410023b64f348edcdec9b583caca

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 397efebfb36a3b0263bd407e439cdd2eeecce77fc27d5fcd70012617a861de0f

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments