MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f92424570c1a34ee3cce9c2d1ab03cd0d4386e01ad596ac09cf33b78c85dfce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	8f92424570c1a34ee3cce9c2d1ab03cd0d4386e01ad596ac09cf33b78c85dfce
SHA3-384 hash:	75d9739202b1c64a44740723cb7311ebbfce4e3a028cc906922472775ffdb2c050c2af728661aeecc4074b73672b6e62
SHA1 hash:	edf4f92bc1e964e7eabcf06a14912a5fdb24d96c
MD5 hash:	e29681298e97271d9c1d1617acde077b
humanhash:	fish-pizza-texas-harry
File name:	SecuriteInfo.com.Trojan.Packed2.42414.29260.27408
Download:	download sample
File size:	881'664 bytes
First seen:	2020-04-20 17:31:36 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bf5a4aa99e5b160f8521cadd6bfe73b8 (434 x RedLineStealer, 31 x AgentTesla, 12 x DCRat)
ssdeep	24576:9k70Trc3Q2bNmfB2227NG/a+JP6XI26GM:9kQTA3fgZC7N6a+dsI26GM
Threatray	224 similar samples on MalwareBazaar
TLSH	D51512217581C2B3C4B6483085FAC7AA5D3974321776C6E3BADD1BBF6D216E062352CE
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Packed2.42414.29260.27408.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Grp

Status:

Malicious

First seen:

2020-04-12 02:30:14 UTC

File Type:

PE (Exe)

AV detection:

29 of 31 (93.55%)

Threat level:

2/5

Verdict:

malicious

3c90e174ff5097d991e0b99001a4e64e0c9e312df0ec03cee51380148974920e

46acd0d4a4fe7f2c6b54d380f1c0a5aa371f0afadf2373c5df40ed20d5b3f90c

4aebd2918942c4d01076cd9cb47402c5b8c61e14e86a397488d1abc2e444d626

555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc

642ecc0813761138cff276fdece24e479604dbc7c012a2a168d018330e1905e5

701e2cddd4d1628c01c3ce13a20b5414726995565377e6ddc3133d1245a88cb4

87ff4257e145cb109c3a91260b9412e0bf13ab481ee0d2e592254f8dd77db458

aa0ef170fbdf28b626cafc71c401ce5e5b151efca751e1301ab1d68ddc6af5ad

c4e42ebfd487b325ece4f09d75687c96e252aa8559f8a8daad6336dc39ee5424

+ 214 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 8f92424570c1a34ee3cce9c2d1ab03cd0d4386e01ad596ac09cf33b78c85dfce

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/346882/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::WriteConsoleA KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateFileA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample