MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d86c85343b0e4a7a3275c1fe07e37868655bad3b69e136e6c43c15074b6f97a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d86c85343b0e4a7a3275c1fe07e37868655bad3b69e136e6c43c15074b6f97a
SHA3-384 hash: bfec871dc0b1318bef5f4dcc82b9fac1cbac48058f332b0614ac2f48ab8043397eef55392e1ce9af81af3b3f1cc21af1
SHA1 hash: ea7edc8d562550f7772139ed54ed90b5cd5640a5
MD5 hash: 210f5464afccedb15f011f6bc0e8c576
humanhash: saturn-uranus-violet-zulu
File name:4.exe
Download: download sample
File size:1'513'472 bytes
First seen:2020-11-15 13:28:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:4ecgWbRcAfsEWXcaAHbw8MI7Uw/DmPM1RgYENunRzCSl:4h
Threatray 7 similar samples on MalwareBazaar
TLSH 42650D3C9DC865A3D137F273A0B94196FDA5658672B94C4F02C73A082C9AF423E9774E
Reporter Marco_Ramilli

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis210F5464AFCC.31643.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Creating a file
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/536321
Signature
.NET source code contains very large strings
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 317260 Sample: 4.exe Startdate: 15/11/2020 Architecture: WINDOWS Score: 60 22 Multi AV Scanner detection for submitted file 2->22 24 Machine Learning detection for sample 2->24 26 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->26 28 .NET source code contains very large strings 2->28 6 4.exe 3 2->6         started        process3 dnsIp4 20 192.168.2.1 unknown unknown 6->20 18 C:\Users\user\AppData\Local\...\4.exe.log, ASCII 6->18 dropped 10 4.exe 6->10         started        12 4.exe 6->12         started        14 4.exe 6->14         started        16 24 other processes 6->16 file5 process6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d86c85343b0e4a7a3275c1fe07e37868655bad3b69e136e6c43c15074b6f97a/
Threat name:
ByteCode-MSIL.Trojan.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2020-11-14 15:21:23 UTC
File Type:
PE (.Net Exe)
Extracted files:
31
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0137042c076d728f11067b31394854e43724b1b588a65d0718d696ac2efd7f3f
27288b137d69616f6b67a54f45c664e6990cf99202ca16b31d0f95cafb5463bb
4a2311968fb73e55620ce972659fc74159f8127ebccb826d3150bc6d19c0f793
59a680dd944269f001e9cd0c64baf199ca8fb8673caa18e7faf9cddc6562861e
62dc9a9e902b11b0b7d081ec0ce5e8f60605d244a9abfcd03ef464f0058100ca
86b4bb9ea11ac97ecf7390c0e4e2979b69c294c22c65931ff734926c9540a0fd
acd2d368c51ecef353154266a25f69f42d067b0c329ab3f503eb3e73c6c59665
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201115-v7sjaf82x2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
6d86c85343b0e4a7a3275c1fe07e37868655bad3b69e136e6c43c15074b6f97a
MD5 hash:
210f5464afccedb15f011f6bc0e8c576
SHA1 hash:
ea7edc8d562550f7772139ed54ed90b5cd5640a5
Link:
https://www.unpac.me/results/d64a8c1f-376f-4ccf-b5cb-28fb73ab2b5f/
SH256 hash:
2bda791295b4491214d8c1b6bd084da493d5819638a46aad5ebe4221ba0fa6d8
MD5 hash:
f4bdc165fb4c913ad48de97335e5aa0a
SHA1 hash:
9ff0645782d7f5abc8a8e394e095c848712619f6
Link:
https://www.unpac.me/results/d64a8c1f-376f-4ccf-b5cb-28fb73ab2b5f/
SH256 hash:
83c08f0721c8b0c96e3d6a8f3ccaf5c96fbcc427d574625c34424c3429fefaa1
MD5 hash:
3c5dbcc3bb27e913e14efd8054811373
SHA1 hash:
b0eba9388abddaef9d5aa49ccd5dbab2924cced0
Link:
https://www.unpac.me/results/d64a8c1f-376f-4ccf-b5cb-28fb73ab2b5f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
QQpass
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6d86c85343b0e4a7a3275c1fe07e37868655bad3b69e136e6c43c15074b6f97a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments