MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc
SHA3-384 hash: a4f468024f57358026886c0ff6f70f21c2e598a3ca8f00f332a49af39e6640613d72efdb0526fce288b0ccd8f34dbe5f
SHA1 hash: fa3b855f4a18360bf58d21ee05c99e05038cb306
MD5 hash: 2efd05a33e44926b3c95798b882101d7
humanhash: indigo-lithium-beer-queen
File name:SecuriteInfo.com.Trojan.Win32.Agent.xbfpnx.8820.5970
Download: download sample
File size:372'224 bytes
First seen:2023-10-21 18:36:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 07eb46c737220d993860bfd9ea99f600
ssdeep 6144:yLTFBKdVbwDCt6kV3ejjqPaHuO/U/eLT0XjosaoD008kWLlQwBYeaRBYe6PkAbmc:oYjgCx3ejjqyJ/U/eLT0XjTaoD00cLl5
Threatray 1 similar samples on MalwareBazaar
TLSH T127841948FE9310FAFA471AB04497F27F6736DE099424CED9EBCC7909DC32922591A718
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 82a280a2a2a280a2
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
306
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
data.exe
Verdict:
Malicious activity
Analysis date:
2023-09-22 16:59:24 UTC
Tags:
loader evasion sorrygomaster stealer
Link:
https://app.any.run/tasks/a2b63820-f50f-4a2b-99c8-e2a46a78b8b3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.Win32.Agent.xbfpnx.8820.5970.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Gathering data
Gathering data
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/42f247fc-736a-424b-a52f-a546bbe5d01d
Result
Threat name:
n/a
Detection:
suspicious
Classification:
spyw
Score:
28 / 100
Link:
https://www.joesandbox.com/analysis/1329744
Signature
Contains functionality to modify clipboard data
Behaviour
Behavior Graph:
Download SVG
Score:
2%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vzgjow62veisqwk2a5botgdqhqhjwjyorx77ikjezbdzwg4l3lga._file
Verdict:
unknown
Similar samples:
60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231021-w9gdjaad36/
Unpacked files
SH256 hash:
ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc
MD5 hash:
2efd05a33e44926b3c95798b882101d7
SHA1 hash:
fa3b855f4a18360bf58d21ee05c99e05038cb306
Link:
https://www.unpac.me/results/48443a14-f3c8-4382-80eb-e4a26aafb050/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2722704/
  
Delivery method
Distributed via web download

Comments