MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98a294ca4d80e911198ef121f3d1f170adba61b11c25dea304eaf4e6cbe7d52b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98a294ca4d80e911198ef121f3d1f170adba61b11c25dea304eaf4e6cbe7d52b
SHA3-384 hash: e5315da684adce648a56081a6b877915731372f1c7d3cacad001cc3450515796caac4ae5f8ffb75802fa71fb68985be0
SHA1 hash: 7ecbf1e1277de8eed8635278e1bbd3677e8da508
MD5 hash: 5609e4070766f677a696238fae17ed0c
humanhash: fruit-two-march-cup
File name:SecuriteInfo.com.Trojan.GenericKD.33742072.4215.31375
Download: download sample
File size:524'288 bytes
First seen:2020-04-30 01:07:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 384:emSSKr0DxFp6Au1N6hGc8npGCnvnIqna2QK+9gEU/68XYWW5wWr+OW:cGu6IxnpfQEKOi9M
Threatray 116 similar samples on MalwareBazaar
TLSH B3B4D6257BD48735E8BA87F449F4868586B0B1975812DB7A0CC670DB4A23BC48F623E7
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33742072.4215.31375.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Small
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 21:01:36 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
11ca15b773dcbc4abce7a43e410f7515b052c9a75a6f71370d8de601f720459c
2f2f4e4a8e1e7225add6f169ba0852b4359d9ba7cd6f95e118b90af820671dbb
4aebd2918942c4d01076cd9cb47402c5b8c61e14e86a397488d1abc2e444d626
555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc
642ecc0813761138cff276fdece24e479604dbc7c012a2a168d018330e1905e5
6aeb4c6ab2a989f29fba04866ce13866c082cc729c14502fb86b6a617a3d533a
701e2cddd4d1628c01c3ce13a20b5414726995565377e6ddc3133d1245a88cb4
aaaf01da2fe823f7ccf2e9d400a94dba2ae428f0dfa7a8eef712696c3b4b6fba
d4bb66bd17508438be397f81e2226dd6e4814fcc09573aefec5039a7ec3b10a8
f3fef410e218d09456d23023230eeb7e1ed3277b2fe8b89f51cdb6d863a525af
+ 106 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 98a294ca4d80e911198ef121f3d1f170adba61b11c25dea304eaf4e6cbe7d52b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/354285/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments