MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd5a3777ff53017e45b4e368fe411e0672060d188bde66db5019bd7c0e47a220. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd5a3777ff53017e45b4e368fe411e0672060d188bde66db5019bd7c0e47a220
SHA3-384 hash: 3acad72f07d7c877a8bb2bec89ad52db6be90ca851181ca1a5c4407fa7a79eb1a6e3c7929e5ee963ccb0699e44d58e61
SHA1 hash: 12b9601b07614a799a806bda1c20bcc20418ffcc
MD5 hash: 408e60d3dd4014081f0b056530c69d32
humanhash: lactose-texas-michigan-fifteen
File name:408e60d3dd4014081f0b056530c69d32.exe
Download: download sample
File size:925'696 bytes
First seen:2020-12-11 08:04:21 UTC
Last seen:2020-12-11 09:55:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:soKy71lkKzyzPDA+c8DoV9ru/3/SoMS173VD:5KO1lkKmrH0VNu3S4F3V
TLSH 6515128476A4B56FC73A8C7649E50C80DBB060BA9B02D3875C8315EC765DFDD8B48BA3
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107718/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.44951681.23972.18632.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/561605
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd5a3777ff53017e45b4e368fe411e0672060d188bde66db5019bd7c0e47a220/
Threat name:
ByteCode-MSIL.Trojan.Dothetuk
Create hunting rule
Status:
Malicious
First seen:
2020-12-11 03:15:59 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201211-r4lg9qeh2j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
bd5a3777ff53017e45b4e368fe411e0672060d188bde66db5019bd7c0e47a220
MD5 hash:
408e60d3dd4014081f0b056530c69d32
SHA1 hash:
12b9601b07614a799a806bda1c20bcc20418ffcc
Link:
https://www.unpac.me/results/bd0698a8-632a-4a43-8ab8-1f8355ddf362/
SH256 hash:
c88a66cbf00b12c88e2b970b8bc220e970e8465e56098ced24e97d42be901b94
MD5 hash:
a60401dc02ff4f3250a749965097e13f
SHA1 hash:
3f22d28fd765f831084cb972a8bd071e421c26a1
Link:
https://www.unpac.me/results/bd0698a8-632a-4a43-8ab8-1f8355ddf362/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bd5a3777ff53017e45b4e368fe411e0672060d188bde66db5019bd7c0e47a220

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe bd5a3777ff53017e45b4e368fe411e0672060d188bde66db5019bd7c0e47a220

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/847208/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/107718/

Comments