MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 741c00724be0b19957f53856cb67b4ff632a5c5e5174124820ae880ad3239b03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 741c00724be0b19957f53856cb67b4ff632a5c5e5174124820ae880ad3239b03
SHA3-384 hash: 573bf0eb366695e3d95e62ae7238a8318b2dca0d9c07bf2895e8bdc7a2b2f0816cd54c8e715764858df228df14d8a888
SHA1 hash: b85c7c106f6f3a906b4ddc66411cc0086d713023
MD5 hash: 9ab536751e8ec4742929671a685bf6da
humanhash: network-comet-don-indigo
File name:9ab536751e8ec4742929671a685bf6da.exe
Download: download sample
File size:104'815 bytes
First seen:2022-02-27 09:46:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:INWdRjPXbfijE32GhNvJJisPbWXnjWq81l9N4/ni:INOXbT2GhNBzPqXjEwa
TLSH T19EA3F1097BF98505D6EA0EBB4BE7DE9147F1C4026065D82E2CDE178C066FB919F80A87
Reporter abuse_ch
Tags:exe RAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
294
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://bazaar.abuse.ch/download/741c00724be0b19957f53856cb67b4ff632a5c5e5174124820ae880ad3239b03/
Verdict:
No threats detected
Analysis date:
2022-02-28 06:09:49 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4ff2f0a3-bfec-46ab-ac86-17bc817d1b83

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/245066/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe obfuscated overlay packed replace.exe
Link:
https://www.filescan.io/uploads/621b4899dfdfa8501c64fd59/reports/5ac2b522-8d88-4da5-be28-c4cb1091a53e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f4cbf41d-93c7-4495-b9ff-0e04b6ece11f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/946897
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/741c00724be0b19957f53856cb67b4ff632a5c5e5174124820ae880ad3239b03/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-02-27 09:47:10 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
11 of 28 (39.29%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220227-lr7snabhg8/
Unpacked files
SH256 hash:
741c00724be0b19957f53856cb67b4ff632a5c5e5174124820ae880ad3239b03
MD5 hash:
9ab536751e8ec4742929671a685bf6da
SHA1 hash:
b85c7c106f6f3a906b4ddc66411cc0086d713023
Link:
https://www.unpac.me/results/c42ebe5a-39d0-43d7-b6f5-256758bd1d54/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/741c00724be0b19957f53856cb67b4ff632a5c5e5174124820ae880ad3239b03

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 741c00724be0b19957f53856cb67b4ff632a5c5e5174124820ae880ad3239b03

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1845223/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/245066/

Comments