MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 862e078bfc94bd32c322e406631fd175e02b13797ded79ba449ea5083b0d7716. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 862e078bfc94bd32c322e406631fd175e02b13797ded79ba449ea5083b0d7716
SHA3-384 hash: 9e59d0cbd1fa616421950b484f98e54ae15e0d819b58411f9149a703766f0cf327d29c1e7fabb686a69ad34f6813d34d
SHA1 hash: f3d5328e4a661648a8d4c502cddc789d38c2f30e
MD5 hash: 29fdcae56f978f61174f5e2861a81639
humanhash: seventeen-tennessee-west-cardinal
File name:Client.exe
Download: download sample
File size:14'848 bytes
First seen:2020-04-03 21:24:31 UTC
Last seen:2020-04-03 21:36:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'470 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 192:U+8C+EKS0O9ejYTDG8bcp4Ll92nieXubWyD9JEBkGxVX/qoNfRJ8:UNVjYTDG8gpo1eXTyD3EnxooNU
Threatray 50 similar samples on MalwareBazaar
TLSH FF622909B3EC4339C1BD07BC0DB242356371E5A79A62D71F1CD880BE8992BD55B20BE8
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.38271.21843.27905.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Rrat
Create hunting rule
Status:
Malicious
First seen:
2020-04-03 21:24:22 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0760806d2cb04dfa58902d85e3503e313805e8056565097cf18d4d24249679d3
21d1f5d2ad4ac80ac110333403909a91fe7094a91dc822400768cf10f8b346ec
23fc02f1e3783ac574850e9f210b8fb54e2a3dd589ed4b0399157e1708457ed1
42e23b5a0fde78a0677c91043c9484aa6a9942fadf7e535a07104ff0dd501cb4
58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933
5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83
6b04a84dd2ff70944c97604447866f11ce23135cafc357293dee242f868c3d22
6f03b44e93301e51660e62609d5a4c0982ecc139317e274c8450834a774a05b4
825de2cce7549059fc092704916dee1401491029efe6ea09fe2c7d51a1c2dabb
b45741c0c50256480cdffc15bd14a3770d895232c1e482e91f5e298daea023fc
+ 40 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments