MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 891963a81a44a4539492b1c7aaa3c0ff69a758ecafa6968cd242dc62982cc446. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 891963a81a44a4539492b1c7aaa3c0ff69a758ecafa6968cd242dc62982cc446
SHA3-384 hash: 0ef4153a9835d6a0b48e7d94f840a43015c1af55d0d1829dbaf4b268d26d582f706f49bd20c106fabac0e95a5094e5dd
SHA1 hash: 548a7e639da0966d1ecd1d4b92e6e527e8b62f53
MD5 hash: a5e9d51ec0c2752e94ccbbf452100a5e
humanhash: west-fish-jersey-blue
File name:SKM_DD3350191107102300.exe
Download: download sample
File size:467'968 bytes
First seen:2021-04-19 15:47:22 UTC
Last seen:2021-04-19 17:03:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'672 x AgentTesla, 19'494 x Formbook, 12'214 x SnakeKeylogger)
ssdeep 6144:Y68sNC/ny1HQ7vDp61/r6ZcQZlQgIbNnMUcMLPVo10rfLGDrehIBYnSmQcD9BsB:LLNanhA6ZcQZlQgKPS10rtIASS
Threatray 206 similar samples on MalwareBazaar
TLSH B3A4D03AB7A0BA56C91B4F7B4453128042F2CB977233F75B1CD85AE44E23A478B5F252
Reporter GovCERT_CH

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SKM_DD3350191107102300.exe
Verdict:
Suspicious activity
Analysis date:
2021-04-19 15:54:05 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1310c907-5f92-4fea-925f-c1b82503d5b5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/138598/
Detection(s):
Sanesecurity.Rogue.0hr.20210414-2002.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/687239
Signature
.NET source code contains very large array initializations
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/891963a81a44a4539492b1c7aaa3c0ff69a758ecafa6968cd242dc62982cc446/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=remwhka2issfhfeswhd2vi6a75u2owhmv6tjndgsilogfgbmyrda._file
Verdict:
unknown
Similar samples:
261881b9a0b2810582a67284f52bb08f2da1567353648ca01032b581345d5854
3097b8c703159cf613aba9c2f42b090a391c060402af0c322b29f26e4bf4c22e
657a164783b53dc028ca6024f4df09f9e4a9b289e0a3216d2c686ec091a224c0
7107f4965f48165708f028a5541e4b945fb9fac1546c8a069752c2ad43065079
765b482b453872d5c03a3919057fac267ca22f85ff3b7fa3b2ea44c31b3a2604
884e1915901c600a0e0203c06de3a208a1adba49289f7ee8f910fa112782357e
9471595bf2143972c4037565358a16d5547a95cf76146650de667ce30dd063f4
c95438b7107da932d24c8a04dcf5ab9adccad56086566765c2f7c96cc08ec8d0
df9b8b0093bdcff2dc73e2da55ea3c94cc90febcf05c4bb4edde266b3f376a55
e122e45cffddf06da2e9b03d259b27cfc77e78f8e0f3d047dca47975a5f81687
+ 196 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
agilenet
Link:
https://tria.ge/reports/210419-d3ddz749ax/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Obfuscated with Agile.Net obfuscator
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/891963a81a44a4539492b1c7aaa3c0ff69a758ecafa6968cd242dc62982cc446

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 2c69c96d9a123e6b5fc3d2c940bb268faf6cfbed823b137d80a04ff7e361541c

Executable exe 891963a81a44a4539492b1c7aaa3c0ff69a758ecafa6968cd242dc62982cc446

(this sample)

  
Dropped by
MD5 8b1616446b16998349691d204e57ad21
  
Dropped by
SHA256 2c69c96d9a123e6b5fc3d2c940bb268faf6cfbed823b137d80a04ff7e361541c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/138598/

Comments