MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb4fe4ae6df941778930bd5ff104037ae494f145caaaa43bd7107a62d04522fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb4fe4ae6df941778930bd5ff104037ae494f145caaaa43bd7107a62d04522fd
SHA3-384 hash: 66bb8eed233bbde7e564cec2ccc61f73b38e8c6d07f1aeaa952dba8e0070ac89aca8eb75bb2a361254adfa1fd592c3b9
SHA1 hash: 9185a9c617e9367cf72cc2b88991728ed78f4f89
MD5 hash: 0a1251ea53849db102c5a07c0deb63b2
humanhash: burger-sweet-eight-muppet
File name:0a1251ea53849db102c5a07c0deb63b2.exe
Download: download sample
File size:853'504 bytes
First seen:2020-12-08 18:40:11 UTC
Last seen:2020-12-08 19:51:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:5Ko6qINchIc2gBrorXS/fbs1cBVJ+9q6DPLcR6vk1jfGK4iNcIUx:5wLchXrcXSnbRVJADDoRMWKp
Threatray 20 similar samples on MalwareBazaar
TLSH C005AE349FB90636F53BAB3C85A02445ABAE77D37703CD6C69B602CA0727642D9C163D
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
120
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://192.3.152.237/doc/OOhms.exe
Verdict:
No threats detected
Analysis date:
2020-12-08 19:46:13 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bef4d62f-a30d-4a5c-8dcc-a1042fc14c3a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107340/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.cc.16406.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/558369
Signature
.NET source code contains very large strings
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb4fe4ae6df941778930bd5ff104037ae494f145caaaa43bd7107a62d04522fd/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 12:39:02 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xnh6jltn7faxpcjqxvp7cbadplsjj4kfzkvkio6xcb5gfucfel6q._file
Verdict:
unknown
Similar samples:
0c8039997bd2e456e42836a36ccaec5d0d1245f288f4b4fc1e86e4e8f9c60011
1989b7078501dfe26669ba2af737ed8dba616acb527193e3c64eaf3a1942c5b8
372d44cc54918eeb7143b31e1619dae60ed601d4d25d7af53a7daef9e5cb4799
4504cb7fa8692435e6fdbf45891b15cc9e3644fe04995ccba0c98368f42afb0a
6fa5193499b368d6d8019e1d0911bfd896de0e79250f6b1bf9f371c7f213f12f
9f0fde66227b7ebbf3aba0e185f78a815acd6b888a30ec67ba7cfe934e85f1fd
cc1eca017e6b8508d3781e4962d2707736809073615180e296cf5de2acc4130a
d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d
dcb39be80203e5de62b87f99b5fe21eb25556d58c9d654156850995e86f1f4ba
de10e041ff3250edccbe8a5edee50e9812620a3fff80de82545f018ad24cca0b
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201208-jt4eljf1za/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
bb4fe4ae6df941778930bd5ff104037ae494f145caaaa43bd7107a62d04522fd
MD5 hash:
0a1251ea53849db102c5a07c0deb63b2
SHA1 hash:
9185a9c617e9367cf72cc2b88991728ed78f4f89
Link:
https://www.unpac.me/results/65b6e4a0-1237-49a5-97b4-17ad3c8f2505/
SH256 hash:
9584f6d01e6452371cc9b4828030a13045d99c243c497b63628828e66aabe26f
MD5 hash:
7476e403eef14ac403c63c7279831780
SHA1 hash:
8387f558e30dc115987ac2b5c174a41302471abf
Link:
https://www.unpac.me/results/65b6e4a0-1237-49a5-97b4-17ad3c8f2505/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bb4fe4ae6df941778930bd5ff104037ae494f145caaaa43bd7107a62d04522fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe bb4fe4ae6df941778930bd5ff104037ae494f145caaaa43bd7107a62d04522fd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/899401/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/107340/

Comments