MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524
SHA3-384 hash: a78ad7ae6efe86403e2332a10aee3331388efb82fde27aebe90f19c1bb7338d3674a3bfd3d8da33572b6699cd4764d93
SHA1 hash: ff221ab036b2eefe88a11539dbe199c4045843f2
MD5 hash: c050d373293b8f2fe952065fb66a03b0
humanhash: pasta-cold-mango-william
File name:SecuriteInfo.com.Trojan.DownLoader26.35178.31997.31041
Download: download sample
File size:321'536 bytes
First seen:2020-08-01 19:29:24 UTC
Last seen:2020-08-02 07:34:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:47iP4w6RW+pGW6qKbBuYI5y8CdKnuIlBdaLPlAzjIeeod0KbJeowGA:xBp0VflRICHwn
Threatray 738 similar samples on MalwareBazaar
TLSH C8642B5036BE9FD2E2DB13BAC0E1AC10C3289827C7E2F34F94A95474B915369DC16B97
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Atros7.BCUE.11155.26937.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Setting a keyboard event handler
Sending a UDP request
Creating a file in the %AppData% subdirectories
Using the Windows Management Instrumentation requests
Creating a process from a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a recently created process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/406636
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 255548 Sample: SecuriteInfo.com.Trojan.Dow... Startdate: 01/08/2020 Architecture: WINDOWS Score: 60 32 .NET source code contains potential unpacker 2->32 34 .NET source code references suspicious native API functions 2->34 36 Machine Learning detection for sample 2->36 8 SecuriteInfo.com.Trojan.DownLoader26.35178.31997.exe 1 14 2->8         started        12 SamsungUpdate.exe 4 2->12         started        14 SamsungUpdate.exe 4 2->14         started        process3 file4 24 C:\Users\user\AppData\...\SamsungUpdate.exe, PE32 8->24 dropped 38 Installs a global keyboard hook 8->38 16 SamsungUpdate.exe 9 8->16         started        signatures5 process6 dnsIp7 26 tuttotone.serveftp.com 2.44.30.94, 49728, 9001 VODAFONE-IT-ASNIT Italy 16->26 28 Machine Learning detection for dropped file 16->28 30 Installs a global keyboard hook 16->30 20 cmd.exe 1 16->20         started        signatures8 process9 process10 22 conhost.exe 20->22         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524/
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2018-04-05 00:53:00 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0d852bfcbc49afecc18e426f7d694597966256d55c225a4ae798a7e98200b5ca
4bd12f48c0a5a1dd9a4c0dd17460f2941f3a1b2b11b95961b4092f07622eb5c3
57233018ececa82dadc167ce51622ecb6b06a4c08753c951a2a5e91f4b3629de
5c616e633ee33cf1ebc784661459a1990201bc9baf77c6c59a8ee5d1b25dcde4
76ff41be8f7f15dbb035fb27ad00cbd313d0d75745945b81642f10986fc83ffb
88c93fb2359cc5f0da6886983c67d923955d210daf5a458e382d024124a67458
cffb56dddf9b596328082781400f1b5a1d7a995719c78dbdcbe41b026c86010b
d47e8c71a8d7cd1722e5b09574c818f4db65ecb4e9696fedbe738ff29f0a6305
db4b9e3a0264451368c24fb5f9e9a8722bb0afc6fb184fca9a54b7cb1aec4249
fadcffc72696cb639334be446d2aeb90743b270276f48b730efbb59b73505a85
+ 728 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200801-5lftxrk6ga/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/407015/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/36961/

Comments