MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 956924c4c488e005c78dc54ea5303ebb69544d21274c0afbce6e81ab0e7b21b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



1xxbot


Vendor detections: 4



SHA256 hash: 956924c4c488e005c78dc54ea5303ebb69544d21274c0afbce6e81ab0e7b21b7
SHA3-384 hash: 88ef69fae81c35e601d5821895e6ef2974ff053092d39905840bb9d1a90a67d79665115db4fc212371a6f131ea01ea46
SHA1 hash: 95728cff8c1c1622811f9e11806a10d70d45b763
MD5 hash: 54bbc4f3cbd167678b6a8b496116784d
humanhash: quebec-speaker-snake-jersey
File name: 54bbc4f3cbd167678b6a8b496116784d.exe
Signature: 1xxbot
File size: 460'288 bytes
First seen: 2020-05-14 06:16:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'751 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep: 6144:SeLwhzR/qGK9/c4CWSCI+kG4zMFW4WwgMoFhPh9Bg45PH1EL:uRdKJc4CWSCI+kGFWDFpBg0PH1EL
Threatray: 199 similar samples on MalwareBazaar
TLSH: 05A4E5F22F548AF0C5981D359ED7E82C4391AF5156E1A2872A64B5CC5C322B36B0F3F9
Reporter: abuse_ch
Tags: 1xxbot exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 150
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Mbt
Status: Malicious
First seen: 2020-05-07 21:49:00 UTC
File Type: PE (.Net Exe)
Extracted files: 18
AV detection: 25 of 31 (80.65%)
Threat level: 2/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Adds Run key to start application
Deletes itself
Executes dropped EXE
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

1xxbot

Executable exe 956924c4c488e005c78dc54ea5303ebb69544d21274c0afbce6e81ab0e7b21b7 (this sample)

Delivery method: Distributed via web download
