MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 925311bdbfa0285cfae2b80d91ac95713895b0e450c0f421d3418e4e5cbf0920. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 925311bdbfa0285cfae2b80d91ac95713895b0e450c0f421d3418e4e5cbf0920
SHA3-384 hash: a82eb21aaac86525e5be7a0e73798c7769403c2f5353811a03526d21c8982c02dffd2fc2c7499cbdb1c5623489c83064
SHA1 hash: 967b4cfda52a3060b9fd092ad5d31419d71107fb
MD5 hash: 3f5e25f9d1d8d802b3e785fe0955c651
humanhash: apart-lactose-romeo-neptune
File name:3f5e25f9d1d8d802b3e785fe0955c651.exe
Download: download sample
File size:398'336 bytes
First seen:2021-02-27 06:57:21 UTC
Last seen:2021-02-27 09:04:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:NCrdW4WlgNjwAbHKNFXgap3ST/9YlSXLHQ5tIOuT7w100SyYJfzo3TxS:NCrfdwbKlYlOLHQ5ATk13ixzojx
Threatray 3 similar samples on MalwareBazaar
TLSH FD849E31378CDF46E73D87BD8064111063F1AA03E761DB9F7DE560D91DA2FA28262A87
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3f5e25f9d1d8d802b3e785fe0955c651.exe
Verdict:
Suspicious activity
Analysis date:
2021-02-27 07:00:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6758ccd6-38c5-4e8c-9f94-95727eea10d4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/119579/
Detection(s):
SecuriteInfo.com.Artemis3F5E25F9D1D8.1618.10144.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/620354
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 359170 Sample: WdnpgfCUgr.exe Startdate: 27/02/2021 Architecture: WINDOWS Score: 68 19 Multi AV Scanner detection for submitted file 2->19 21 Yara detected AntiVM_3 2->21 23 .NET source code contains potential unpacker 2->23 25 2 other signatures 2->25 6 WdnpgfCUgr.exe 3 2->6         started        process3 file4 17 C:\Users\user\AppData\...\WdnpgfCUgr.exe.log, ASCII 6->17 dropped 9 WdnpgfCUgr.exe 6->9         started        11 WdnpgfCUgr.exe 6->11         started        13 WdnpgfCUgr.exe 6->13         started        15 2 other processes 6->15 process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/925311bdbfa0285cfae2b80d91ac95713895b0e450c0f421d3418e4e5cbf0920/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-02-26 14:59:01 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
62b54609bea9a6af4f71daa41bfaeb75235f662d608480020257a9eba7255dd4
a6e5ce54fa87a5b2a2e2abb4a6d69d9d571fb7668fd2535f319eb9b5ff5b6c6b
b5ac8902c4d239f5f72366876e99a586d3aaafe45c9a9e098c8ded9a2db7615c
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210227-lxl9eqfnjs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
e624003658c4f8b349f567c82229fd15d1e63d3d20fe6f7b4388403038cd2a44
MD5 hash:
b6ce7c1d81b9271eab825ea63de154c3
SHA1 hash:
0e7b89555314f8908c1098b652c9bf50e5ecc27b
Link:
https://www.unpac.me/results/9e34d1ca-2455-4b79-883d-43c96d7e4b01/
SH256 hash:
925311bdbfa0285cfae2b80d91ac95713895b0e450c0f421d3418e4e5cbf0920
MD5 hash:
3f5e25f9d1d8d802b3e785fe0955c651
SHA1 hash:
967b4cfda52a3060b9fd092ad5d31419d71107fb
Link:
https://www.unpac.me/results/9e34d1ca-2455-4b79-883d-43c96d7e4b01/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/925311bdbfa0285cfae2b80d91ac95713895b0e450c0f421d3418e4e5cbf0920

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 925311bdbfa0285cfae2b80d91ac95713895b0e450c0f421d3418e4e5cbf0920

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/119579/
  
URLhaus
https://urlhaus.abuse.ch/url/1002465/
  
Delivery method
Distributed via web download

Comments