MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 822f7832a782a741be0c03dde47ed80575f26e2eebd4783eba490a5a2abece9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 822f7832a782a741be0c03dde47ed80575f26e2eebd4783eba490a5a2abece9d
SHA3-384 hash: 4fae57b80a43a1124a7ef27ec9bb7f912ff5929781e5a2d762488097bf67a93146f0705d8eeb45c4edcc51aacf46f6c3
SHA1 hash: 48d733a512f78a696d24266219b0b7d608eb0107
MD5 hash: 7a62ee84258af9fd20b1131ab4686f09
humanhash: ceiling-comet-sad-indigo
File name:SecuriteInfo.com.Trojan.Siggen9.41282.23168.2704
Download: download sample
File size:11'264 bytes
First seen:2020-04-21 22:52:06 UTC
Last seen:2020-04-23 07:14:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 192:0LE5i1F7Q4PBVRnlYJLQFLTdXZ67L1lSn6V:0Lh37JBMUFLT9ZSJkn6
TLSH 12320711A3D083B6CB6A07736EA3A2205B36EB1C5BBBDB9F05C4A5B75E631440F52731
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.41282.23168.2704.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Avemaria
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 20:12:41 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 822f7832a782a741be0c03dde47ed80575f26e2eebd4783eba490a5a2abece9d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/347816/
  
URLhaus
https://urlhaus.abuse.ch/url/348113/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments