MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a130830dbd995f4e11fd9572076a51db0ea6fa0c4d7c57acc2c72274c05d408a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a130830dbd995f4e11fd9572076a51db0ea6fa0c4d7c57acc2c72274c05d408a
SHA3-384 hash: c9102d744ca225a979c021dae331cab7f106cfdcd479f82d9214d8508004300ba3ef65015501b532ff36a737d621e90d
SHA1 hash: 1c22b0cd709ca869187b1ba522d6678c77f68688
MD5 hash: fd5fc953d241ed5c6f26aa67110e3592
humanhash: colorado-vermont-mountain-alpha
File name:a130830dbd995f4e11fd9572076a51db0ea6fa0c4d7c57acc2c72274c05d408a
Download: download sample
File size:678'400 bytes
First seen:2023-05-18 14:00:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:mPz70XrMAkk4dTus5FfSollbLsryvL4WElF3DKN7evRPSacrQjf/G79kw:JXYAkk4dTT6onLsrUrx25SBwKk
Threatray 2'167 similar samples on MalwareBazaar
TLSH T154E433B9E73A23E9C5116533D4135B48173F4703AE6A76336A28E0CB93E778B1A69701
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter JaffaCakes118

Intelligence

File Origin
# of uploads :
1
# of downloads :
49
Origin country :
GB GB
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
Creating a file
Launching a process
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Creating a process from a recently created file
Forced system process termination
DNS request
Deleting a recently created file
Enabling autorun by creating a file
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/646630ef6687116ea47f4a7c/reports/0037ecf8-f3b6-41de-8d5d-1e0f9fd26068/overview
Verdict:
Malicious
Labled as:
IL:Trojan.MSILZilla
Link:
https://www.hybrid-analysis.com/sample/a130830dbd995f4e11fd9572076a51db0ea6fa0c4d7c57acc2c72274c05d408a
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ac82f128-e644-4503-820a-e7c48b4bf21a
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1231217
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a130830dbd995f4e11fd9572076a51db0ea6fa0c4d7c57acc2c72274c05d408a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-05-12 03:47:39 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
4
AV detection:
23 of 37 (62.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ueyigdn5tfpu4ep5svzao2sr3mhkn6qmjv6fplgcy4rhjqc5icfa._file
Verdict:
malicious
Similar samples:
0cff8404e73906f3a4932e145bf57fae7a0e66a7d7952416161a5d9bb9752fd8
6a019592f49db789478da1f5a63e673824a8bffacff9f99c5528072fb3b95ba1
812f2741f662194744b33d6e51c4fbe11823d06e90938865aa4517974a072bc1
8d28747c371be7ce0a33ee57204dfccdd03c33fdc233f7283a09fd2c971b71e2
a7496f64d8f6fedf5d7684e9b073afc39f7f0254ca3a35de6383445a9235329e
d38dbda39b48417330b19ea7c0eb3e625ed97a68870f551a3c647d5da465a49c
d53c05389816a8e7280281873cbb49d2940ab0861d8052b0100f0d4dee9568aa
e718bac761f1620f87f08505b8b5c7e94178ed0c978cd85f6d6172c0d59e8f96
f1b80af506aaf5f0f42514a80a0e5a9828b59a567337554983532308ab3a996f
+ 2'157 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230518-rbqgbscb62/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Drops file in System32 directory
Suspicious use of SetThreadContext
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
a130830dbd995f4e11fd9572076a51db0ea6fa0c4d7c57acc2c72274c05d408a
MD5 hash:
fd5fc953d241ed5c6f26aa67110e3592
SHA1 hash:
1c22b0cd709ca869187b1ba522d6678c77f68688
Link:
https://www.unpac.me/results/c52b7944-5f0a-48b6-a2ef-a1a01e7b99b8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a130830dbd995f4e11fd9572076a51db0ea6fa0c4d7c57acc2c72274c05d408a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments