MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a84b5c7ebc04f12108ed7a2e344d66387eafcc216a1b846581c85d68f7dab42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a84b5c7ebc04f12108ed7a2e344d66387eafcc216a1b846581c85d68f7dab42
SHA3-384 hash: 3f6bcb92e1b41f96e1cdb0ae5840c3ca7887b9757a07d3dc7bc109f0656f2a80afe9ad1026f9e4f17da7813f7c39081e
SHA1 hash: 46ffeb005294777e71a471f2361ecbce95851c9d
MD5 hash: 7f0c56dfcd958192484d47f4c5f8b5f5
humanhash: wyoming-wolfram-bravo-aspen
File name:NOAHLEE_crypted ARK.exe
Download: download sample
File size:760'832 bytes
First seen:2020-11-27 10:12:12 UTC
Last seen:2020-11-27 11:43:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:LQAcb1D1FNDIkqNeKmGuSXmNmuTWzVbXdLdLwmLc88+rLQxM5zPvE:LZcN1VKruZUEWzVbXvss8w5LvE
Threatray 6 similar samples on MalwareBazaar
TLSH 69F44A23338C87D8C76C7FF8A031116B77E5AA12872DE6ACEFD5CC8B1B5195406B6681
Reporter cocaman
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105798/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Result
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/549162
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7a84b5c7ebc04f12108ed7a2e344d66387eafcc216a1b846581c85d68f7dab42/
Threat name:
ByteCode-MSIL.Ransomware.TeslaCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-11-27 10:13:04 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pkcllr7lybhreeeo26rogrgwmod6v7gcc2q3qrsydsc5nd35vnba._file
Verdict:
unknown
Similar samples:
604c5713efcae0dfa43aced2c14082eb92558484caf074a1b2f340de7c717912
608593a7eff00bb35776f51d9a95f6cc9eedf0725067cbfae466a2d3ae3da083
6d51ffc87335d671ff7414bfdfa7509ae28b4b654ccbab49171ba8751a0c9d06
7284fadfc4b7e38aa57e4b57f9ee7bf2e6d17f5ade70779440d2d75f8a84e6b8
74a2af0c19a872a5230b71224613e6c873056ba409c2e9d1b3c89a6ba3619000
dc4eaa151b01375e0ba2392396b60e6abebab99e5590c93ab23ee3063aba5eb5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201127-yewygsfmra/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
a3a008b87ded765ed76c9bedd06dbae5f62edd573da15d376cb3fb91b4bd7f09
MD5 hash:
5ae25f51e2881f74cc9e057ef48c02a6
SHA1 hash:
a8e9e48e0e788e76ce01e923946bfb0c2098b39c
Link:
https://www.unpac.me/results/e4384491-f53e-4996-8c6b-d6cf129e0fc9/
SH256 hash:
7a84b5c7ebc04f12108ed7a2e344d66387eafcc216a1b846581c85d68f7dab42
MD5 hash:
7f0c56dfcd958192484d47f4c5f8b5f5
SHA1 hash:
46ffeb005294777e71a471f2361ecbce95851c9d
Link:
https://www.unpac.me/results/e4384491-f53e-4996-8c6b-d6cf129e0fc9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7a84b5c7ebc04f12108ed7a2e344d66387eafcc216a1b846581c85d68f7dab42

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Ping_Del_method_bin_mem
Create hunting rule
Author:James_inthe_box
Description:cmd ping IP nul del

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar e41c5db1aa04e71071875bab960d82e810efe17b6f182f8c80024ab19c9e8ee3

Executable exe 7a84b5c7ebc04f12108ed7a2e344d66387eafcc216a1b846581c85d68f7dab42

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 e41c5db1aa04e71071875bab960d82e810efe17b6f182f8c80024ab19c9e8ee3
Cape
Cape
https://www.capesandbox.com/analysis/105798/

Comments