MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be80145865e68708af5aff86fbdccee72e3d21c890ecf302bd6aef858689d56c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: be80145865e68708af5aff86fbdccee72e3d21c890ecf302bd6aef858689d56c
SHA3-384 hash: e98b6741a723326d758246d9ac708f6163d3afaca53d8c33b23b5e262f53678a1c288be5824b24b777518cb666d19a73
SHA1 hash: bacb8ac1fad919f6269d32c2812b094b728b54d7
MD5 hash: d3a640df18d2acd20c9b109a26f717a7
humanhash: low-mango-lemon-asparagus
File name: SecuriteInfo.com.Trojan.Loader.798.32285.14950
File size: 292'408 bytes
First seen: 2021-05-19 21:12:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep: 6144:3s6oqILm9usT31p9ZKKLBV0aE+I9CkkXg3uxoCmIT3mM:926pT31pCGj0aEskkXVEITx
Threatray: 831 similar samples on MalwareBazaar
TLSH: BB54120E31E884A3E19F4D766DB69E2BE7FD5A911B1046571B240F0F2FB21C7A52C14E
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Trojan.Loader.798.32285.14950
Verdict: Malicious activity
Analysis date: 2021-05-19 21:21:50 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Creating a file in the %temp% directory
Creating a file
Unauthorized injection to a recently created process
Sending a UDP request
Creating a window
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2021-05-19 21:12:47 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
