MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fe8005b1469268e2edc5e10ee3b4b79ffe26c351d13313f8da14ef38db3d83d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6fe8005b1469268e2edc5e10ee3b4b79ffe26c351d13313f8da14ef38db3d83d
SHA3-384 hash: 4258b9c7bbf7860ab6f02c808c5c9990b65c26118df598be16c2725f16e4e7fe90d1ad8b5ef0bf46a4cc468a58807508
SHA1 hash: e9c335301a0356018c0ca987f38ef39094e7635d
MD5 hash: f12be14f39988aa0e3eeb6c39cbba797
humanhash: arkansas-hawaii-fillet-florida
File name:6fe8005b1469268e2edc5e10ee3b4b79ffe26c351d13313f8da14ef38db3d83d
Download: download sample
File size:1'160'704 bytes
First seen:2020-06-10 07:37:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash afcdf79be1557326c854b6e20cb900a7 (1'102 x FormBook, 936 x AgentTesla, 399 x RemcosRAT)
ssdeep 24576:SAHnh+eWsN3skA4RV1Hom2KXSmda/TYjCk1CQYFcd6igT5:Vh+ZkldoPKi2a/TYVIcxA
Threatray 1'058 similar samples on MalwareBazaar
TLSH A935BE0273D2C036FFABA2739B6AF64556BD79244123852F13981D79BD701B2233E663
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Autoit-7587553-0
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-02-10 15:28:07 UTC
File Type:
PE (Exe)
Extracted files:
26
AV detection:
25 of 29 (86.21%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
06d6ece1fa6b728d5b5f538d740a60626e99cbbe6df5bd5a5c3f2a8923b0fd98
15d88e59e80b15ed7b24ffd1a496ff718b76a6a7d06cc2be0d1f91e460871c12
1cc899a5fc4a3e7fe1c9d1265b60a4faf51bc1df3e4b25c088979755410fa954
1e2fbd7c74b38c43c9ef42fa5d48b8ad50122d2be85ff927de0080d331cb9369
3fb510b7526dc753632045edaf094073c45f74fefdc08b5c2fbb9f8e7ac483c4
6083d7084795ed9d60be324c610dbfab644a3e25c982755a93071e23db11198a
7cdf1294eb40f2a207f55cbb1a68761135500f64bb077a7f4ba9a7d3098850f1
b8006ee0146630c8c78a6fdc12fb7c1bef5508296cbcd8790aa88bf960cb5276
c0e957bd685417a90c9a53b926e2492a627b247357648d2a3857c6ce61630e20
f13513c8b2e9f663d86a33c0d86179aa25ae600b1fac25b79b7767b99be9b177
+ 1'048 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-el8gbwa496/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Drops startup file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments