MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f1ff6c0fb5372c126e41a41142d20908f8208a95268fdf3706286799d9e181f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f1ff6c0fb5372c126e41a41142d20908f8208a95268fdf3706286799d9e181f
SHA3-384 hash: 3f99682c549a63c009e6ef196a8991d4ee991d5b8b917e5d1622a8b21f3ff269f609fc95e4bb6287f0c2081b5f1b5095
SHA1 hash: 34cfbe843705971be79f3d51b9ad5b98b35b98cf
MD5 hash: 554a4a7704f705e261d16d8d32017700
humanhash: pasta-bacon-neptune-utah
File name:554a4a7704f705e261d16d8d32017700.exe
Download: download sample
File size:817'664 bytes
First seen:2021-01-11 07:48:24 UTC
Last seen:2021-01-11 13:54:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'653 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 24576:hWy1UDA0uH1ZonQzFPBXhcqBvxG8t3VlQpuotTo:8yv12QzFZXhH8yotTo
Threatray 2 similar samples on MalwareBazaar
TLSH D40512802AA4EBF3CBBC43F811A6AD0553B575220972EBDE1C52A5ED8895F4F0D31B17
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DONG YUAN 17-B20121001 装5000å ¨STEEL PLATE.xlsx
Verdict:
Malicious activity
Analysis date:
2021-01-11 07:23:45 UTC
Tags:
encrypted opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/a3fe60ca-866e-4335-b7d5-781f8104a6ff

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111219/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.bc.16308.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/577665
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f1ff6c0fb5372c126e41a41142d20908f8208a95268fdf3706286799d9e181f/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-11 07:44:23 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
5665d5a0641bf4587dbd2454029cd1e9b2f41bbb8d673c30eaa8055a5f7a4985
681ded4187765f7257d44627a399ac03ffd9480c32204a6f72b5d172abbc907a
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210111-2hvjjqfkre/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
9f1ff6c0fb5372c126e41a41142d20908f8208a95268fdf3706286799d9e181f
MD5 hash:
554a4a7704f705e261d16d8d32017700
SHA1 hash:
34cfbe843705971be79f3d51b9ad5b98b35b98cf
Link:
https://www.unpac.me/results/eed1bffc-3de6-4913-96bd-c08fe8eb1f6e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9f1ff6c0fb5372c126e41a41142d20908f8208a95268fdf3706286799d9e181f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9f1ff6c0fb5372c126e41a41142d20908f8208a95268fdf3706286799d9e181f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/952191/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/111219/

Comments