MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac229b3885937953446d36f13aec9becdc71cf2edd2a4df4a3a74cd91dfbf8b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 8

SHA256 hash: ac229b3885937953446d36f13aec9becdc71cf2edd2a4df4a3a74cd91dfbf8b2
SHA3-384 hash: e82ffa94c39e5fdd6c3f1f823ee980d35612d5028d86a22861cb6fd07b2d414b902bfc9d7d9652180b495d848a74865e
SHA1 hash: 48e6e50e6251630d500a017bab97183bf7c741bb
MD5 hash: 87e1a08a7088a33d1e034f3f1ca2df41
humanhash: bakerloo-freddie-alanine-eleven
File name: 87e1a08a7088a33d1e034f3f1ca2df41.exe
File size: 1'016'196 bytes
First seen: 2021-03-30 07:07:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e9c0657252137ac61c1eeeba4c021000 (53 x GuLoader, 26 x RedLineStealer, 17 x AgentTesla)
ssdeep: 24576:tzMI+Ja1ev6LdClKSkAPygkwlL+c880eCjKALXKp3gJO+:Bh+Ja1ecQlcYlL+35uALXmQJO+
Threatray: 132 similar samples on MalwareBazaar
TLSH: 9C25231131D9DD06CB02EF34087D991D47324DB8A8EAFE1237B47B372D7A852692F58A
Reporter: abuse_ch
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 102
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 87e1a08a7088a33d1e034f3f1ca2df41.exe
Verdict: Malicious activity
Analysis date: 2021-03-30 07:16:29 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Running batch commands
Creating a process with a hidden window
Creating a window
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Check external IP via Powershell
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses known network protocols on non-standard ports
Yara detected AntiVM3
Threat name: Win32.Trojan.Convagent
Status: Malicious
First seen: 2021-03-30 00:50:55 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Sample: Executable exe ac229b3885937953446d36f13aec9becdc71cf2edd2a4df4a3a74cd91dfbf8b2 (this sample)
Distributed via web download

Comments