MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 886abe57efb7bac7a4de25e009e8b89d314e6737ed3b10e29c8cafb9206c651b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	886abe57efb7bac7a4de25e009e8b89d314e6737ed3b10e29c8cafb9206c651b
SHA3-384 hash:	c9811c530ffd6587dc6f9433bb726e0c9a501cf4f6c5a8661eadeac63eabafa848c7f67e0508117a4687ef8e05bf4d1a
SHA1 hash:	d2f198fe83a9da79814c8f2ee912674ed4ddc54e
MD5 hash:	c1e7b73b06549bde56a6c21107bbd2e1
humanhash:	cup-lithium-asparagus-don
File name:	Purchase Order_pdf Product Specifications_xls.exe
Download:	download sample
File size:	427'008 bytes
First seen:	2020-04-20 13:56:38 UTC
Last seen:	2020-04-20 14:51:27 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	12288:EJ5PiamIj/7P4mgbPi5LCziMKoREvo5ljHk:GPA2DfKV2XGjHk
Threatray	2'268 similar samples on MalwareBazaar
TLSH	2D942362AB1ED077C56E0A7A481992084B362646B042EB647EFC75BC86B37C8F701777
Reporter	James_inthe_box
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.AgenslaNET.1.25421.3145.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-18 16:03:01 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rbvl4v7pw65mpjg6exqat2fytuyu4zzx5u5rbyu4rsx3sidmmunq._file

Verdict:

unknown

285dfcf7b80c7e082218135e3b93eecd1b623ef2a86c5d3bdf9c51978d1ee62f

79aee42afbd9b6b6c639d56411291d60d0fa0058a71b831460cf0476ed99ed36

7d4ece884460b1bf17b3de45eaea64b28f2bee38e8e29265816d33f134873886

8425c75594dede14f2b9c7810e6c8824c7666329eee6866beed84e1f7674bc70

8d8991fa8728e69af3d21272ddca73ae8eac076e105058a6901ad831bed64aa7

976abbb8f188572f8f2dc301739f6edf94fae0ce2ae30d633f82df36ea79a42d

9a6951c6f3c33c217edd9a4e32f5422c4e125b909d0c88e190b76eb695f05b72

ccbd1c75dcdc38d5e34a96583e808c960836e85d76e87de04c13ea420d380286

f18587b09cc9e48c6fcc74391510ba261d04cd3a788201aec2375d97a87f486d

+ 2'258 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample