MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb574c82a945f3a4e13207edebea5c71f0ac8731745d915a05ca957a6964325d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb574c82a945f3a4e13207edebea5c71f0ac8731745d915a05ca957a6964325d
SHA3-384 hash: 4552ae84e32cead77505c840c0ab445433e0220914584bec20da9c1c0af3c57b77b231edbed22075696275be5288821b
SHA1 hash: 4f3d7c8fbdbea47a9d8de23b6f39fa0e20d33fca
MD5 hash: 79626ca03244cb15dc2e402326a0e053
humanhash: network-beryllium-arizona-fanta
File name:44M12KT.exe
Download: download sample
File size:995'328 bytes
First seen:2021-03-25 07:09:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 24576:MR9yVz05gHTPJG+7T1ICqOiVxHujOk/1cxuP:MR0FGU7JptICqHbHujOk/1m
Threatray 90 similar samples on MalwareBazaar
TLSH E325DF3E05666B27D5BE83F589E50007F771A02A3186EB1D4DD627D41BA2353B88FA0F
Reporter TeamDreier

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
44M12KT.exe
Verdict:
Suspicious activity
Analysis date:
2021-03-25 07:10:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a30250b7-122f-4f9d-a9a0-152bacc6fb03

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Dropper-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/653409
Signature
.NET source code contains very large strings
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb574c82a945f3a4e13207edebea5c71f0ac8731745d915a05ca957a6964325d/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-03-25 04:15:15 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xnluzavjixz2jyjsa7w6x2s4ohykzbzrorozcwqfzkkxu2legjoq._file
Verdict:
unknown
Similar samples:
0a70b0923bbeabb1a48caaf2a3e37d81def85aeda662746bb782a4de7fecdb4a
2e96f7a6b4dd1d5251af4962a9028aac90c2ceb282495018c2d879ebf583f9ea
453a64df6bb4a9b5ef79d9e4d3b179869dcd6bb9b01a02be8289c04276e5483d
48cf95888259138c1d0b910da9c79083f16977df3d32a1708e3a4bd1c9015f5f
490ed173b3c4ca1a65441a874c4772c86c77ae0673c7eaa88248201714226a85
a4470807c1518543552911cc3eaf6d9609e545ff44d961f32110166ff1c2b59c
be5e5be8981ef261f24b21b1d6b67f5041d10ecc3eb3697a67142d43e71c7ece
bfecf1d24ef83e7bc35143c6ef0cc09a0a77902e2fd6ef9f5d5a50d0968c088b
cfbf1e8483cddd75356dedc9630659fca435a94c522c43c9178c1114aa6423b3
eee9ef1189886f11287b1db59eb13fba5c5f2b880e9fb744cafe15feed1f57b3
+ 80 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210325-dqjw5y9lmn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
bb574c82a945f3a4e13207edebea5c71f0ac8731745d915a05ca957a6964325d
MD5 hash:
79626ca03244cb15dc2e402326a0e053
SHA1 hash:
4f3d7c8fbdbea47a9d8de23b6f39fa0e20d33fca
Link:
https://www.unpac.me/results/1e915734-6d85-47f0-8133-b06bf8da1301/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/bb574c82a945f3a4e13207edebea5c71f0ac8731745d915a05ca957a6964325d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments