MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b528251075071c38ce1e0b667af69434125bd6f8afb0de6401b83b41939b2ced. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b528251075071c38ce1e0b667af69434125bd6f8afb0de6401b83b41939b2ced
SHA3-384 hash: 602ae44a6153a6541e2fa7cc6b57d51c2e47e817da9f2c68c4db272a0316586d602a0fab66f0d839fbbd8a9910c5a827
SHA1 hash: 5df55474424dd0445ffb0c8f2b55e26f3d247f34
MD5 hash: f5bac73547f97032c8894732a351e065
humanhash: zebra-monkey-seven-artist
File name:195a1s0ssssd7da.exe
Download: download sample
File size:734'840 bytes
First seen:2020-07-09 17:14:17 UTC
Last seen:2020-07-09 17:15:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:EVw1SGEeRASP532sfEJ1i/jthKlXwsHZ/WNNxqhKlXwsHZ/WNNx:EveRfEJcbtslhtWMslhtW
Threatray 1'051 similar samples on MalwareBazaar
TLSH B7F4BE317BE29A05C37E8F73D96241109E36BAA77A06D3DB5ED814DD8C673081A17723
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24007/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.378.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b528251075071c38ce1e0b667af69434125bd6f8afb0de6401b83b41939b2ced/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 17:16:08 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
09344b412ef8dbc6b398dd6e3580f482382bd24b672554039668b17a39661b50
1ae52558dadc5c5b388c0a64b6e54ead3280540b5a1db2d90f20d960257004dd
4fa82bcc428147d23e5abc86fb9bfdc61829d91094659e74250ac43ab9a73ab4
657c48c3e07fed5d334e86e1286ac8289c0269f4f53375e6ce4307fbd59a2f27
77d403e5404835dbe9746a2b5171f00ef7d3d299af68838af5bd50781035a900
b215d5e7cf39628497363e29d2dce0475e7180da848f7f6032d1187c78fd16bf
bb48fbcf365f8a493866cba9818c84614cfc6a9877a6e30e2f7cb445253be1d9
d16fa56cb0a364af38fc793a004da046fc4fe317df470e899f5142cb6a9ca718
d4d432c94d69e9a57f473c042f53abc181aa8919981206a3714201f429c19b44
f9397a0438f1e3a8d03aa326dc4910482df49dd295228d9a4dda1f55247fd6e3
+ 1'041 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
ransomware
Link:
https://tria.ge/reports/200709-y5l8sjy712/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Drops file in Program Files directory
Suspicious use of SetThreadContext
Drops desktop.ini file(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/24007/

Comments