MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a90513022b3dd1bdcf85046b17b22a77df58a344cff5c0abd8e7a72a5cfcfc3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a90513022b3dd1bdcf85046b17b22a77df58a344cff5c0abd8e7a72a5cfcfc3
SHA3-384 hash: 1fa249c4eb129001e09a041f0bd5617f3d4d0a74342e23a9e13e87bd051278d486aff430b00a5c0c430c6d8223c9ce83
SHA1 hash: be23336be3ec25f2f14c15baad3b2f9f7db14f68
MD5 hash: e78b0dc561fd317b61b9b6059a3b20be
humanhash: connecticut-louisiana-stairway-high
File name:e78b0dc561fd317b61b9b6059a3b20be
Download: download sample
File size:982'016 bytes
First seen:2022-11-04 00:41:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 24576:k1+EY/U6WMv1HyRoFoHAQZTb4ZnyqoZ+v:k61tHyR/Vlb4Zntocv
Threatray 2'327 similar samples on MalwareBazaar
TLSH T12E25E03607E2970EC4575234CDE2C3B0AFE85DB5A6B6C3035FD8BC2BF55B1A6AA11184
TrID 72.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.4% (.EXE) Win64 Executable (generic) (10523/12/4)
6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.4% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e78b0dc561fd317b61b9b6059a3b20be
Verdict:
No threats detected
Analysis date:
2022-11-04 00:44:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/242a716e-2278-4405-9f41-8e83d010ff95

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/328292/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.389-2.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63645fdb3c6c57b4ec40e714/reports/6b69e5d6-2bd5-415e-8df4-46b72fc065bf/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b0b6e632-b36a-409f-ad7b-88105dd22004
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1104993
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8a90513022b3dd1bdcf85046b17b22a77df58a344cff5c0abd8e7a72a5cfcfc3/
Threat name:
ByteCode-MSIL.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2022-11-01 04:03:16 UTC
File Type:
PE (.Net Exe)
Extracted files:
20
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rkifcmbcwporxxhykbdlc6zcu567lcrujt7vycv5rz5hfjopz7bq._file
Verdict:
malicious
Similar samples:
01806b54d4f7fb6826998ad50d20bdbf4da4a15eeb805507f6a48565ca1b706f
1d471d4c679e7c68369a2824adb475071d80878c73de43bce4635a410b4d3d17
23d6c5ae66bbc3153fc98ec29794f7b0db73802bad923004a783084e3b3ad3e3
527f17988c3928873c376e684ed6790196cc1f0bf9b76346f5f645a0aa7441ac
675031e66f09b7272a97ee19171d82d6f33e818f2b76164805759ac1177e7f31
7227c4e532a21d2e1a830b8e078bfd8ea886b7cddc6a1cdb6f17e1bc7125507f
757d201efcd23832275a776938bee5e4af405666bde0876172c730faff12832f
827cc8f0e2f93edac3895ba6897e4768d6c3663b0b64c80988129065295d31e5
d352ebcdd13823110d1ac74dad2ee4c2322e3c7ac36ca2846a97a8d6e65dad58
f1a2c8e5da73bd931f2475bad35f0b46b01f35e5c39b1d8221cec8bb478bc1ef
+ 2'317 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/221104-a2b8ysbddq/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/75493bf6-f9b5-4e71-a9f6-b2cd283cb292
Unpacked files
SH256 hash:
7fa3720c44b7b46ea0f1d0e9aa6b164e196ee0f8d7c79bcd282f5b86cd41c7bd
MD5 hash:
210cf57aa172b201b77e52b991801662
SHA1 hash:
4556fe5ddde7b9706ae33ad40c56fe0f269c8b77
Link:
https://www.unpac.me/results/6248782c-eabd-45f8-a3da-a664b921e565/
SH256 hash:
744928a56b4d36f17e73eea0534c5e99103d1553d5b0a864a6fd9d4f9899b47f
MD5 hash:
91fed5db1afcdf48e0cd6d4058a013ba
SHA1 hash:
3717b3346e25d3f66f00626ad1a771d8655f485f
Link:
https://www.unpac.me/results/6248782c-eabd-45f8-a3da-a664b921e565/
SH256 hash:
8a90513022b3dd1bdcf85046b17b22a77df58a344cff5c0abd8e7a72a5cfcfc3
MD5 hash:
e78b0dc561fd317b61b9b6059a3b20be
SHA1 hash:
be23336be3ec25f2f14c15baad3b2f9f7db14f68
Link:
https://www.unpac.me/results/6248782c-eabd-45f8-a3da-a664b921e565/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/8a90513022b3dd1bdcf85046b17b22a77df58a344cff5c0abd8e7a72a5cfcfc3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8a90513022b3dd1bdcf85046b17b22a77df58a344cff5c0abd8e7a72a5cfcfc3

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2400060/
Cape
Cape
https://www.capesandbox.com/analysis/328292/

Comments


Avatar
zbet commented on 2022-11-04 00:42:05 UTC

url : hxxp://192.3.136.167/430/vbc.exe