MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acf637890b310dfd3d781ea621abdb19c8d3004fc979f5f9914521bbf52ae096. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA 2 File information Comments

SHA256 hash:	acf637890b310dfd3d781ea621abdb19c8d3004fc979f5f9914521bbf52ae096
SHA3-384 hash:	d4a842b0704e303495134c4877f35ffa81afc582d781b2f27f7910c0ba61440ec540bd483a31d20b8b2ea765df060595
SHA1 hash:	4b0d2377ee53574724ba0fe0960f86d875280e18
MD5 hash:	ab9c50388a39ba9d9617ef2bdf763cc8
humanhash:	cup-quebec-uranus-uniform
File name:	gg.exe
Download:	download sample
File size:	403'456 bytes
First seen:	2020-04-29 10:44:19 UTC
Last seen:	2020-04-29 12:02:23 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'642 x Formbook, 12'245 x SnakeKeylogger)
ssdeep	6144:Wg5JHngDhIJeFA2eFAkhIqfs4i2TAzS9/zZN+w:xJg4z2ze0KU0N
Threatray	148 similar samples on MalwareBazaar
TLSH	7D842903F24095B1D49A0BF29836DD70A66B7E9C38758A4E698E73291FF33472726D0D
Reporter	JoulK
Tags:	exe Pony

Intelligence

File Origin

# of uploads :

# of downloads :

110

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.MSIL.GenKryptik.EJJT.19823.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-29 11:57:36 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Verdict:

malicious

Label(s):

pony

8e164388aa881f7f4e8ad09602a3ffc52cdd8be2e30308deea4fc9ae1d4651f9

97ba4ad5b02bc8812864b06941778432faf60a667c0279c0c7c092b76e91b9cc

a4923677e96515d7fc80fad3a4d602650b5b2c5159bd0a1a49ab54b77c80e0d5

b59427205b88d9cd8b38bf4c99f902d569085b708a9eb3c6c8b6d8a8ea7a361d

c41afec81d70066b62ddbfae7e4ec8aca49d0cc3618241aa2605d35d3250bd98

e3d26ec0477d9578aaa7762c27514f91c1c9503935c9d1f48cf34698de2ac9cf

e400fef46e21fbd7191240230a5fab9326de9baf0fbebfef8883e5c2662862a1

eda6bc27798b7230d63cae9225c466b67b05e788b315e4dc443c43cf1baabfca

f89d6fc1b9128ce6c989ffbdac7a0ca8d5693a5282f9a48a6729d4b853e030c7

+ 138 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	win_pony_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

Rule name:	with_sqlite Create hunting rule
Author:	Julian J. Gonzalez <info@seguridadparatodos.es>
Description:	Rule to detect the presence of SQLite data in raw image
Reference:	http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe acf637890b310dfd3d781ea621abdb19c8d3004fc979f5f9914521bbf52ae096

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/353793/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (GUARD_CF)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample