MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4b40854b0d96e0967c64ee0f80d41222d57029ec9e3e4b72f4232291879caad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4b40854b0d96e0967c64ee0f80d41222d57029ec9e3e4b72f4232291879caad
SHA3-384 hash: aa502b5b2ab76d4424bcef79bb61b547f7705f6cec38924626f5d238925f6fdf1c547e73a6fc6f67c758c6c3f689b8df
SHA1 hash: 18cad4a5fb54a263898974a0346100d128e5e8a0
MD5 hash: 6e45d3fdb598634ad074e2006edb03bc
humanhash: carpet-network-november-kentucky
File name:c4b40854b0d96e0967c64ee0f80d41222d57029ec9e3e4b72f4232291879caad
Download: download sample
File size:1'551'643 bytes
First seen:2020-06-10 07:33:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 24576:PAOcZXsWtuGcv4MBsRm609ekx6jARJZOckDgBQmPN51lrlGSrNObuVqf1972mSjQ:BliuYm6cvmARJDDF51HvMb4qt972hjwp
Threatray 249 similar samples on MalwareBazaar
TLSH B8752302BBCA88B2D0731E326D3B6B196E7978101E259B1FB3D05DACDA755816131FB3
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.Variant.Johnnie.221809.751.14920.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 13:57:10 UTC
File Type:
PE (Exe)
Extracted files:
42
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
10189128ff7ff4ae10111c65ca809615595304636a0d0e451ee34bf23ee900a2
1678611ad4996f718c0a8998ce194dfe117bf47529c4ccad51a6816ecf4f1bb4
1acf4f64dbce46e70553494cf02959634528477066cc736e3f49df3bb6253923
1ca9978db84d8cad7f6a8f838e106799352c386cfa3aee2bbefa195e7fabe166
28d1ce2d141fcfc52b6b8a81f5424920ba2818a14e8ac201446697ff977082de
3a61804bb8302d42eb46c25a884cf50e7e6e383a9a48bfbfb1cfbe78ed2ed389
4d13350ebf3d38475a0a4a8c223fe6c06e00af3585eb499f60e29639b3944d3f
6d833bd671f179c8dfdf89aac0bc77cd7bb49f82a98cbf5d8122a9d47fa98e9f
9d1f32d9806bafd63451a59e1768502f31cf9dc746c9e92f62b978c1ed259497
fba31181ed1957e81c452fa1e860414d3a2bd2da470074a32f196f873a37d9ad
+ 239 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
agilenet
Link:
https://tria.ge/reports/201109-hfwxkaqxn2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments