MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9631ffcc8769d5ea6582646908a7a7e795cfee8d4fdaa3f1559deefb45ee6934. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9631ffcc8769d5ea6582646908a7a7e795cfee8d4fdaa3f1559deefb45ee6934
SHA3-384 hash: a48be5d10c1dca09ab00eca6cdc3300fc9f12eebc60352ad1a65d478f39a6fdc5e2221fc4ad66513f4889eb42c10960e
SHA1 hash: 169f2c9ed071c8956609c74ecc2308a228bc6173
MD5 hash: 0a3d5bd4fec09f29dbbfb6a96a54c972
humanhash: finch-angel-zebra-comet
File name:9631ffcc8769d5ea6582646908a7a7e795cfee8d4fdaa3f1559deefb45ee6934
Download: download sample
File size:352'256 bytes
First seen:2020-03-29 16:33:29 UTC
Last seen:2020-03-29 17:36:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:bODUcQz4BQfabb4OTUdK2OwkXCnoO1yuChIBe1wqnpalG4ynn33vnSOw:bObQhfaBrCXwCewqnpalmnnPSOw
Threatray 5 similar samples on MalwareBazaar
TLSH F97423C4CCCFE492F41FDD3DA4F6322D07E253910495C7D6BC2E29E12B96B5A4626392
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.0a3d5bd4fec09f29.5627.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Genasom
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 02:08:28 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
64dc4778b395fe6ba6b4911bb39d41dc2a1d5cb0655c0f369b25b5e38f0e27ec
9b071bb883d03ad019622019118ed94894f8471ec7bff4982acc87267a552c68
a1b6faa0465ec8bf30e3450f9679f121ff9e724257577c38c813b77e82e1f42f
bec4fa4086e8913a708a4bacb710b4f88f82082a2d282641b24af1f31e6652b9
e04cdba2c9443b7a859fb328cf19fecd73b6a91d0964b405d56a42ee0721c671
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high

Comments