MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82f0e1396de9c8556d3f7c60e7fb8362f124bc61615829fb6d53bc8170ec90a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82f0e1396de9c8556d3f7c60e7fb8362f124bc61615829fb6d53bc8170ec90a3
SHA3-384 hash: 2175aa8502441ab277d05a2a8d6338264cd2a67c8bfb1132e5f3721e413bded9700fde5656b27f4e9dcb4da2bea398a3
SHA1 hash: eac8d163d4821869502f2c785a0121b0815f988c
MD5 hash: d3075074ea5db0e6da958f12e0dd15f6
humanhash: princess-princess-twenty-paris
File name:82f0e1396de9c8556d3f7c60e7fb8362f124bc61615829fb6d53bc8170ec90a3
Download: download sample
File size:694'272 bytes
First seen:2020-03-24 07:41:34 UTC
Last seen:2020-03-24 07:42:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:liPTQtw23f0w6zXkHfNIXEg7jMyMGIFwmgtvV01be/Yozkq9FKhivD3oTU3SE:lirItv0Hb8fNI0CSSmgtN0hGYozv9Fia
Threatray 152 similar samples on MalwareBazaar
TLSH E7E423113BACD239CEA52570836329D12473E3A164AAED5C5C4F874BA6EDB4F1317372
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Agent-7640304-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2019-09-06 08:35:56 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
09862d16ba8e513ce4cc3c98d2fc0c86247a7d42394209b3eb590ef6ddf80494
31b85fde884193b976d6cae2209bd2c95f13d6de5d0ff4206612a8768a0c65d6
43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797
4d056b87049ec7fce672b40190bf8b5f9185395b7313d05bc196a655e7fe0c7a
68f66dd88b1a69a8ff2e63cca5e4554e1b147ccd2474d356b60a749c21412fd4
6fa66f7851bea577cc6adfda11d3225a69b7c6554f028851eddd4d23ea074a59
82d32f5841ba04262e4b1a15d798cfbd69a4bc9ebd37caf3573818e7a2140639
b40033d4fbb95133ea43eb57707b067d2bd92dede16f12ac74eeff008c491e53
d72189427c4e17ccdf9d992e0eaccffd7197448a89800b56e51969aeeda3e740
fff57207bf2d6326bc580cd9788e36ec52437e472d26d49c015685525415d7ee
+ 142 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 82f0e1396de9c8556d3f7c60e7fb8362f124bc61615829fb6d53bc8170ec90a3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/260671/
  
URLhaus
https://urlhaus.abuse.ch/url/260674/
  
URLhaus
https://urlhaus.abuse.ch/url/260677/
  
URLhaus
https://urlhaus.abuse.ch/url/260695/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments