MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a717b5d3af3173ce9958a23f95269e2d8ccd8979445626342c32b398d4f08f8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a717b5d3af3173ce9958a23f95269e2d8ccd8979445626342c32b398d4f08f8a
SHA3-384 hash: bb32ccf0f907d2fcaa9b8c2f96e2abec0b6c68d234d31db70d5d545a8a4f44426279ec8f12ce5e6a5ceb5b3fcbb2218d
SHA1 hash: e05b736b242058ece813d4781826390816ad41c9
MD5 hash: 2819d4021c3b9d2256d0ab1829942f3c
humanhash: william-helium-pluto-berlin
File name:wP3TwzqN.exe
Download: download sample
File size:29'696 bytes
First seen:2021-01-29 19:52:34 UTC
Last seen:2021-01-29 23:00:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 768:DjVkWSVXqRsrKyAXusGi1JUvcj2UEn04:lpE4srKz+HiUvs2r7
Threatray 6 similar samples on MalwareBazaar
TLSH 10D2BF1DE78DCA02C47D4EBE1D7353411374E20B8743EF9A0CD8E0AB5E677A85A126A9
Reporter pmelson
Tags:exe HorusEyes

Intelligence

File Origin
# of uploads :
3
# of downloads :
158
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
wP3TwzqN.exe
Verdict:
Malicious activity
Analysis date:
2021-01-29 19:55:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ab6cf7cd-aa54-4891-9f3a-fecdf5c4045e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/114856/
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Connection attempt
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/594355
Signature
Antivirus / Scanner detection for submitted sample
Binary contains a suspicious time stamp
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a717b5d3af3173ce9958a23f95269e2d8ccd8979445626342c32b398d4f08f8a/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-29 11:39:06 UTC
AV detection:
27 of 46 (58.70%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
1fc2f42421eac041e7bd6ef1fb9a691a4658e26cfa22c22a96d0f5babec06c62
41e272c62e16b458816dd05ca01a7178d861ed61b6265ff87f6d04cdd1a50a4f
9254faf90ebf9e32ea3f024c10a212c03d7c2bef3169bd0710b3e45e7d18e03f
a49e379153901b3cab3c699af90979848ec51fdd2d07790606b3ed2bedb74297
af65c9bd3daedaa3d1560018858eeb0919159baf90d59b55c3363a6fffef9d92
cc7babf79c2b0aab09b6d17e93d7ecb0f01bbfcd66dc9f7f6246680ce5e5630a
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210129-6g3fk6r4ex/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
09bb2c398182816d012593f605e868dfabae77f19437574a6128757190a5e90d
MD5 hash:
ec4685684a49aab574b91b4d51e71563
SHA1 hash:
b86d437b0c6ee500a1ab18761617c694fc5549eb
Link:
https://www.unpac.me/results/cdba272f-85df-4380-8af9-e3105d2cf749/
SH256 hash:
a717b5d3af3173ce9958a23f95269e2d8ccd8979445626342c32b398d4f08f8a
MD5 hash:
2819d4021c3b9d2256d0ab1829942f3c
SHA1 hash:
e05b736b242058ece813d4781826390816ad41c9
Link:
https://www.unpac.me/results/cdba272f-85df-4380-8af9-e3105d2cf749/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.66
Link:
https://yomi.yoroi.company/submissions/a717b5d3af3173ce9958a23f95269e2d8ccd8979445626342c32b398d4f08f8a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a717b5d3af3173ce9958a23f95269e2d8ccd8979445626342c32b398d4f08f8a

(this sample)

  
Link
https://www.virustotal.com/gui/file/a717b5d3af3173ce9958a23f95269e2d8ccd8979445626342c32b398d4f08f8a/detection
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/114856/

Comments