MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 757d201efcd23832275a776938bee5e4af405666bde0876172c730faff12832f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 757d201efcd23832275a776938bee5e4af405666bde0876172c730faff12832f
SHA3-384 hash: 714cf9880ef3110eda9c50b0acfd8b5ac92a2543911476cd3af2ee47f967255ebc1f936420dd7ec9741e244a8915df7e
SHA1 hash: fd91d3350e70fefc17c28868015d9e2fac52a42a
MD5 hash: 6305a3a34a29b81ae515b8fc8092d954
humanhash: batman-two-indigo-emma
File name:6305a3a34a29b81ae515b8fc8092d954.exe
Download: download sample
File size:1'103'872 bytes
First seen:2022-11-01 08:41:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:Jr2iNH7fve9CIKHXNu+/AJJ7SeWstt+xu57HcI+Ck06sL5JAzvrau6n0oHLU/Uhk:V1Ze9CIK3ZYR2u5zr+rqYtEY/U6WM
Threatray 2'160 similar samples on MalwareBazaar
TLSH T15035E13207D2970EC0235234DDD2C3B0AFE98EB5A6B6C3035FD9BD1FB5875A6AA11194
TrID 72.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.4% (.EXE) Win64 Executable (generic) (10523/12/4)
6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.4% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
255
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6305a3a34a29b81ae515b8fc8092d954.exe
Verdict:
No threats detected
Analysis date:
2022-11-01 08:48:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b5aff9b4-d542-41bf-9726-7307239b66b4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/326763/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.389-2.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6360dbdfce1f43143c2a48f2/reports/aad68054-6d50-4e1c-afeb-43b54d0f8cc5/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6eaf69c8-2d1b-4c0d-8f98-8ae3b16099e7
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1102382
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/757d201efcd23832275a776938bee5e4af405666bde0876172c730faff12832f/
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2022-11-01 07:41:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
20
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ov6sahx42i4dej22o5utrpxf4sxuavtgxxqioylsy4ypv7ysqmxq._file
Verdict:
unknown
Similar samples:
01e953f7efe55cf5970090491b1fc25dce140a505dea9e74bb07b81e3ef4f89e
04cb7f26c4b9788f2271c0a08c5c867f3a52a2079a744522b6a8027b5a53f4d0
1d471d4c679e7c68369a2824adb475071d80878c73de43bce4635a410b4d3d17
23d6c5ae66bbc3153fc98ec29794f7b0db73802bad923004a783084e3b3ad3e3
3e63d0e2399f0f8636782e175b48e954c6ec90a8df027b11a77a817bbab176ce
640e1f98387d8184a8b69457da56206b24c7893b5568fa2c8d7cf6ce65f016ba
675031e66f09b7272a97ee19171d82d6f33e818f2b76164805759ac1177e7f31
7227c4e532a21d2e1a830b8e078bfd8ea886b7cddc6a1cdb6f17e1bc7125507f
a6996cdcd45ba92a63d8d10e8e8f59eaf7d9c3df956fb78fdbeb5cc3abc451d7
c9089b729c04a9c07067163df4e244a66e9ecf8122510f5d93aa9f2c1142039a
+ 2'150 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/221101-kl2h1sagaj/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/c6fa4069-407a-4aef-a2e1-67b95273ada4
Unpacked files
SH256 hash:
7f272c4db499b1501a5ea1711d23de0e6a0c07faf16275e9b01722dae889c7c9
MD5 hash:
dd8b9511dda8eb7c84e1621046828883
SHA1 hash:
7f715270ffcadcba5c3148d2a0cecfaaf6c2e805
Link:
https://www.unpac.me/results/48678e6b-7ebd-4c72-be98-18c33b07e3cd/
SH256 hash:
03e983cb5ff8a2dfe99c206ce6f5192602e4f4e4e7789f671e7ffbc0e3610972
MD5 hash:
559ef9f1d495cb847c4e4a6886d732e3
SHA1 hash:
71b58d81aa8e87e6d87932c9712e40216e75c99c
Link:
https://www.unpac.me/results/48678e6b-7ebd-4c72-be98-18c33b07e3cd/
SH256 hash:
757d201efcd23832275a776938bee5e4af405666bde0876172c730faff12832f
MD5 hash:
6305a3a34a29b81ae515b8fc8092d954
SHA1 hash:
fd91d3350e70fefc17c28868015d9e2fac52a42a
Link:
https://www.unpac.me/results/48678e6b-7ebd-4c72-be98-18c33b07e3cd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/757d201efcd23832275a776938bee5e4af405666bde0876172c730faff12832f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 757d201efcd23832275a776938bee5e4af405666bde0876172c730faff12832f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2390740/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/326763/

Comments