MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ce968d0fc6d6ef86fa1c73e383a21b7cdd401eeaa9daefad0d2b20de042a8e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 7ce968d0fc6d6ef86fa1c73e383a21b7cdd401eeaa9daefad0d2b20de042a8e5
SHA3-384 hash: 04775856c03ecc45e57d4f7051c0fcfefcbed034d171cbd41acc0643a8135ffa4dbcbe872b9779d8ccb23bcde119a42c
SHA1 hash: f2aec0bd8bac6dea17ee8c0cf023a4dbb1cbb24a
MD5 hash: 14387dc5cc8b9755dc54372c54ac1911
humanhash: colorado-oklahoma-muppet-gee
File name: 7ce968d0fc6d6ef86fa1c73e383a21b7cdd401eeaa9daefad0d2b20de042a8e5
File size: 553'472 bytes
First seen: 2020-10-14 10:04:41 UTC
Last seen: 2020-10-14 10:46:58 UTC
File type: Executable exe
MIME type:application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 6144:+6zSIq+QlHmaYVXSVB/lIv6gdDoUGxevTAlIvriLm0Ft3P16R4Qq+RzsOmUd6Z1F:+DIdVEjPJloriS0nd6i8VmUO2c
Threatray: 173 similar samples on MalwareBazaar
TLSH: D0C402397364BF59E1BCA73C2950920017F6F204D32ADEADBEEC40CC19A6A958391F53
Reporter: madjack_red

Intelligence


File Origin
# of uploads: 2
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching a process
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: ID 297850; Sample: BojkaN8ddM; Start date: 14/10/2020; Architecture: WINDOWS; Score: 52
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Process tree: BojkaN8ddM.exe started dw20.exe
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-10-14 00:39:35 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments