MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5cb0bac5412691a38b91ccb27b7cc476eb61c9d58f4828a7219f80d2286a4d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a5cb0bac5412691a38b91ccb27b7cc476eb61c9d58f4828a7219f80d2286a4d3
SHA3-384 hash: 12bbbad758cd1a217ffa0df67c712daa176ee322bb6e0687730ddb8df19f1145d4699e07f5381649df84397098eb4769
SHA1 hash: 8672a1762a407632bef32cc07499be897e00146f
MD5 hash: e54a338d588f2b3a1e30d8fa6af0c55e
humanhash: yankee-fourteen-yellow-fourteen
File name:a5cb0bac5412691a38b91ccb27b7cc476eb61c9d58f4828a7219f80d2286a4d3
Download: download sample
File size:16'384 bytes
First seen:2020-03-26 23:50:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 384:J0dHCNf0hdvBaQ6Dt1qn6XLbLEYarfBSscmulYc3qegxd5:ttq6XHxal8Yc3qegxd
Threatray 46 similar samples on MalwareBazaar
TLSH AE72F90027E08731E17A477229724A418B33FA5B9831EA6E7C9C918F2F77B444623F67
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Tiny
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 00:35:38 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
0829886e0ca34a32fa545e0a53d7a2208d963b7b826a14aefde94d9ff4f549e5
09fe435d0a761f4ebf0a28d7c023bb5448f5b924f3296f5054392996a521fc11
34fc69d9d5119015a1f946f18069d1464c45e02b5716b91ae2c99eb493ef7242
4d9a3ce8ea01677b182e55858ff0373a94ae4dcd30e777aa9e5e71d61e40db37
5c7b6c75eee95614a740b733b6895346066ae6c893c7b7cc8885ffa425ca6c86
6f103ac2c04885d0f4e5df31e162676166cfa3f0b316d3ebb8ff1baf6f67a92a
9f8f76b6e791499bedf04630e7942a2e2d4792969d3c219b598f7a20596f767a
a5c337beb2e41e7d67b1059947b120be8634c3365eff2e9e8b03a6a5d518c5de
c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08
f99107fb49e1a9ae31d72e1a052baa79ce419ce970bc521010885c98a3d6e6ac
+ 36 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high

Comments