MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5188b0e21575407dbfc61df11d80353a6fec4f57098596b45e37bc746ba58e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b5188b0e21575407dbfc61df11d80353a6fec4f57098596b45e37bc746ba58e9
SHA3-384 hash: 5f8091f344e395bd52969320ae965c02607e5aa8ea415081a273fe553b9eb3d13ed8f3e7a6f21126bd5bfc63bd34e324
SHA1 hash: eb77f8217183ae6f2b8e2195510b051a360c5307
MD5 hash: 77b9f4d5c61b2137787a5da85717e88d
humanhash: august-ack-princess-grey
File name:77b9f4d5c61b2137787a5da85717e88d.exe
Download: download sample
File size:76'536 bytes
First seen:2020-12-22 12:24:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 1536:E2T6lV4tEuSacGYzvLr7Pu+JS11gdjHOSYxeC1IkhhUfaQ:Lg4tFSaBK7m8SANYxeC1zhrQ
Threatray 2 similar samples on MalwareBazaar
TLSH 0C73F701B3F88A59F6FB6F393EB350141975FFA65976C26E0604258D49B2B80D6E2333
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
77b9f4d5c61b2137787a5da85717e88d.exe
Verdict:
Malicious activity
Analysis date:
2020-12-22 12:34:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fa0b3f8c-2f2c-44a1-8901-36eb5d8113c1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108842/
Detection(s):
SecuriteInfo.com.Trojan.Siggen10.33763.18903.27205.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a UDP request
DNS request
Sending a custom TCP request
Unauthorized injection to a recently created process
Adding an access-denied ACE
Searching for the window
Creating a file
Creating a file in the %temp% subdirectories
Deleting a recently created file
Replacing files
Reading critical registry keys
Creating a window
Sending an HTTP GET request
Stealing user critical data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/568437
Signature
Antivirus / Scanner detection for submitted sample
Binary contains a suspicious time stamp
Connects to a pastebin service (likely for C&C)
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b5188b0e21575407dbfc61df11d80353a6fec4f57098596b45e37bc746ba58e9/
Threat name:
ByteCode-MSIL.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2020-10-06 01:52:43 UTC
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030
57b3bc2626b9c7fa3000e8be451e8b5799e39e0c9c957847467623a26e2c0652
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201222-1b5synvwee/
Behaviour
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
b5188b0e21575407dbfc61df11d80353a6fec4f57098596b45e37bc746ba58e9
MD5 hash:
77b9f4d5c61b2137787a5da85717e88d
SHA1 hash:
eb77f8217183ae6f2b8e2195510b051a360c5307
Link:
https://www.unpac.me/results/ac3bde50-1bea-403d-ace0-cc7a32f298e8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b5188b0e21575407dbfc61df11d80353a6fec4f57098596b45e37bc746ba58e9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b5188b0e21575407dbfc61df11d80353a6fec4f57098596b45e37bc746ba58e9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/938131/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/108842/

Comments