MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a517552827e4823129d29a86c716decae6366d7bad5d8521ba6d1fd52547147d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 4 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a517552827e4823129d29a86c716decae6366d7bad5d8521ba6d1fd52547147d
SHA3-384 hash: c2933d3643f829bf82595b2c55246840cf0dd7b0dd2e44f0d51b154f111d9ae761fd4551d634a0b1078e8aa5d005268c
SHA1 hash: 154533d84df5af370fe785db1006d7a2608d7124
MD5 hash: 295a89feccf93ea0e55f95d486c5036a
humanhash: salami-carpet-montana-black
File name:SecuriteInfo.com.Mal.Generic-S.18530.21845
Download: download sample
File size:691'512 bytes
First seen:2021-05-05 07:12:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:F1fxhwL8mLAHefRIZtbVqrTwqEZAhtuEGN8:nZyJAH/ZtxqEZMtuE7
Threatray 255 similar samples on MalwareBazaar
TLSH 0CE45C0467E45B97C2AE03B9E198E23173F5DE05A25AAB8B590BF9F53FB339045009D3
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/149922/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.18530.21845.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
DNS request
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/711575
Signature
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a517552827e4823129d29a86c716decae6366d7bad5d8521ba6d1fd52547147d/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-05-05 00:14:29 UTC
AV detection:
15 of 47 (31.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uulvkkbh4sbdckostkdmofw6zltdm3l3vvoykin2nup5kjkhcr6q._file
Verdict:
suspicious
Similar samples:
1643306adbe8c7e38ee965ab974c1d074afc671c0e5aa0c2b50a18cc67036a50
3b019e395d076e03b3b4a2d9468d3acb36df69115e059119194fbd8dd6d1dd6b
3e4d51c93e584902549b54e3b22595a4f78a87a9eb4648be7af3b5cc6a682078
3ee82cb6b92599b06273f1a48091fdbab0ca285fb8147501a0392b8a2eba583c
567002ac9269007c402603a401d076a9d0dfa7e576ad0fc5eb4072be3acb5fd5
6bd0f63d69ebaa8e28b21e9b0f5c02e05c1213535b2881d080db1d09082e9f1d
79e2a3311700e87e6d5e4d5f8e23f8f6b5500aa9e25e71afb016df130f21bae0
a57e3df4a9633d46ac59b6a45a3ad21357acbf5182e841e16a820edf81138bb6
b33514e7b334b8aee694323114c7d2694f3cdb49c7614291ca8f064c23ff8542
dd9fd40438d1819fb9f9d72ddc6f5d06c1651aa6543ca6560819d27a764c68d2
+ 245 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210505-5hffkw1y4s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
6a86197278980f71585213a7c7a403334561b40575a66736a7bfbda49f07e65e
MD5 hash:
17babafb54b1cf2c5865dd0bc4cba572
SHA1 hash:
2c0cc0b65f03608dd232d91011b57c11b32b3508
Link:
https://www.unpac.me/results/11a6baaa-d8d8-4bf8-aa1b-e1fb90d3ca10/
SH256 hash:
2c0b55c80a63ff9688e6fc97aedf092a93a869229674837166d15a0d294a3763
MD5 hash:
966aa7413dd9d7c86dd7ef311bcf3b38
SHA1 hash:
db7d23841bf235bab78bffcda655a978370f46a1
Link:
https://www.unpac.me/results/11a6baaa-d8d8-4bf8-aa1b-e1fb90d3ca10/
SH256 hash:
34bbea772d6bc2ffb6ff879346cf025379e6b65a7e76dcb94dbe61dc588ba9fa
MD5 hash:
a12bff5e88ef00d440dc169760b797d5
SHA1 hash:
fd4f32f1a3c5f9efc34ed101661f732cfac814b0
Link:
https://www.unpac.me/results/11a6baaa-d8d8-4bf8-aa1b-e1fb90d3ca10/
SH256 hash:
6136d1d1ae1435a99a4cebdece2696ef1b64109ff2d9262ca75f9a2231e78a32
MD5 hash:
6dac802a3546525d0b1dd53fc8f26856
SHA1 hash:
994ef150165b692379dd55a54213df459f702fbf
Link:
https://www.unpac.me/results/11a6baaa-d8d8-4bf8-aa1b-e1fb90d3ca10/
SH256 hash:
a517552827e4823129d29a86c716decae6366d7bad5d8521ba6d1fd52547147d
MD5 hash:
295a89feccf93ea0e55f95d486c5036a
SHA1 hash:
154533d84df5af370fe785db1006d7a2608d7124
Link:
https://www.unpac.me/results/11a6baaa-d8d8-4bf8-aa1b-e1fb90d3ca10/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a517552827e4823129d29a86c716decae6366d7bad5d8521ba6d1fd52547147d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:dsc
Create hunting rule
Author:Aaron DeVera
Description:Discord domains
Rule name:INDICATOR_KB_CERT_04f131322cc31d92c849fca351d2f141
Create hunting rule
Author:ditekSHen
Description:Detects executables signed with stolen, revoked or invalid certificates
Rule name:pe_imphash
Create hunting rule
Rule name:Ping_Del_method_bin_mem
Create hunting rule
Author:James_inthe_box
Description:cmd ping IP nul del

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a517552827e4823129d29a86c716decae6366d7bad5d8521ba6d1fd52547147d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1195288/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/149922/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-05 08:00:12 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0023] Execution::Install Additional Program