MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93b7d40ff2cb063322e1dbe15a92d83dc2dfab73de4795d3d625f658e34cb300. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93b7d40ff2cb063322e1dbe15a92d83dc2dfab73de4795d3d625f658e34cb300
SHA3-384 hash: 6dbe25e7b7a9e5addc21b38da1faf9d4141ea7c091409547651d5e76960b275d42ed5874f97483bb3ce5c90fc757dc02
SHA1 hash: ac09305b9393d0483aa897716b4a619f8d78387d
MD5 hash: c23744a31762ff3d7c45726f5b664f72
humanhash: whiskey-steak-bravo-failed
File name:Ohms.exe
Download: download sample
File size:675'840 bytes
First seen:2020-12-01 17:57:17 UTC
Last seen:2020-12-01 19:49:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:7JL1Hd1r92qPVGNbTuMuKBD7hpvAIBLwBh4tIsbXIHBSC2Kg4yveMuR:XST0sDdPUBi2s+BSC2KVyveMQ
Threatray 12 similar samples on MalwareBazaar
TLSH 10E46C36AF591929F5769B7C85A02191B66E6FD3B307CCAD24B622CD4B33E0399C103D
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/106277/
Detection(s):
SecuriteInfo.com.ArtemisC23744A31762.28779.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/552731
Signature
.NET source code contains potential unpacker
.NET source code contains very large strings
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/93b7d40ff2cb063322e1dbe15a92d83dc2dfab73de4795d3d625f658e34cb300/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-01 15:30:55 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
186519bfd9147fc835be7aef50ff15456e53210bbbeec69d0a0d6412999121a3
27bec5b0582b3447dfbf1e2cca8afae778532caa31b449bebb434d5468cbe3b7
419866e243e8c421e9ddaa512c0aaabb4454b57e684855d23576daa570a58957
5b9bbcc02ae5f03ba293dadb07fb76f26ebfd73eeae1b34de21522fe638b3167
6bb732e1c22295b2fa6970a286225d14bd7c6fabef714f9b20c3a622bb8e7645
7ca2e77373e52431f89441df57949f8ed73f5d3cf5873f964b4c00446770d5fe
7d10eae2e141f8889b698273686a9f1c1bb8959f1e62778cd60741dc21133457
a00a6fe53b7e8d3f5ab9d8b8ab2119c9d3fcbe2b41a1fad6b29ed37e493a2ba0
a476fbd9ad9588a76e607bfe483d7f7561576fbabddce45b2b6fea4b78ae03a7
d5ca3bee133d415edaa31f54bb1a9edae59396550be3de08a65d29fb1164200b
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201201-cgazvyl4cs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
93b7d40ff2cb063322e1dbe15a92d83dc2dfab73de4795d3d625f658e34cb300
MD5 hash:
c23744a31762ff3d7c45726f5b664f72
SHA1 hash:
ac09305b9393d0483aa897716b4a619f8d78387d
Link:
https://www.unpac.me/results/24ea324f-bc39-4204-98ee-da7d6ea3f3b8/
SH256 hash:
9584f6d01e6452371cc9b4828030a13045d99c243c497b63628828e66aabe26f
MD5 hash:
7476e403eef14ac403c63c7279831780
SHA1 hash:
8387f558e30dc115987ac2b5c174a41302471abf
Link:
https://www.unpac.me/results/24ea324f-bc39-4204-98ee-da7d6ea3f3b8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93b7d40ff2cb063322e1dbe15a92d83dc2dfab73de4795d3d625f658e34cb300

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 93b7d40ff2cb063322e1dbe15a92d83dc2dfab73de4795d3d625f658e34cb300

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/878763/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/106277/

Comments