MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84b5f43282cdb9d3947e0be64ff3bec298c98b1c35e369a02bf0607a0d7b0de2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 84b5f43282cdb9d3947e0be64ff3bec298c98b1c35e369a02bf0607a0d7b0de2
SHA3-384 hash: ad8bc76bcda8851a665d9843575aadf3d9404e382fba3f64bd69365970413d3edc6879b20c89dcb58502c719fea77de7
SHA1 hash: c1ee23799973c596b01c8d3c55703ee28b07d314
MD5 hash: dca92ada653fbc8f0660b246820fe6b1
humanhash: spring-sink-tango-hamper
File name:SecuriteInfo.com.Generic.mg.dca92ada653fbc8f.11698
Download: download sample
File size:173'568 bytes
First seen:2020-05-01 11:56:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'611 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 1536:iPVMAIpzD46CzwS0/aoTZ9Ab79FNgXbUDVG2Yrk2RSRHEI+KMtUsmlmshtD0:irYXCz5ZOUJF6X2r2kWtUsmlb0
Threatray 117 similar samples on MalwareBazaar
TLSH C5045CE21E655793C90403F4907E0A47BE697D2C1980B6CAE4F8F995BC3E2C845EC6DE
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.dca92ada653fbc8f.11698.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Voda
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 00:29:04 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
113da3ad1ad4f6ed501ab344244892e53b6657628794c35c0745223cfb51153c
2890defa015590771a48e957d5a81dc2f2a6a86b784a8764f135cdd72f0d4e7d
49a56e067a73bb6f553b8df8a354d3b3328b8fffb64a459a1e719d86df89a322
6077a4c8886409d4677bcd79474063a7d01e120ba2d906d729f3950bdc58771a
6a866a73f707d04c9e541853f86b98d55a7fba344d1aeb3eb212bdec2fdd3f91
9c8bb36e3ceccec2d985267130bad6864b1d9cc8ab286f403d17287573ff897b
bfbfdc4aa175409b4354617bccfd96fe232ce53601cbe98738f819fcde8837f6
db2381bce24b9a6dc5dd36eec97d7cd8e9a0c8dd03b8710f109ae37ce7566934
e0d1c1f7fd8a8d07882ceeb4d681f9ff2b36912e9b0a8b182b3252599c2ea699
f0996fd1f27a193c71c2384d7a760b3db419a52033707d10f55283c9d2ea147f
+ 107 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 84b5f43282cdb9d3947e0be64ff3bec298c98b1c35e369a02bf0607a0d7b0de2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/355413/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments