MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4d0ae12284bb7e5ba3788d24d6dcc78049b76b9aac5989ac9114837efa8f394. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4d0ae12284bb7e5ba3788d24d6dcc78049b76b9aac5989ac9114837efa8f394
SHA3-384 hash: 57bf199fc53ba81fdf42cb7392bb0e27422096bd438bb96ab65b6b9cf77c21461bf0ab2a92b3a1faa6b81dd54564bf63
SHA1 hash: f624eeb403834e3b620fbb79590d868f2c48ec04
MD5 hash: ee9bd98d85e76d420636d5d0025b1495
humanhash: network-fifteen-eleven-may
File name:ee9bd98d85e76d420636d5d0025b1495.exe
Download: download sample
File size:1'206'661 bytes
First seen:2023-01-06 09:59:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:ssE1MoKdBw+/1TpI2HbsyHeBfp+h7L4Tg1uIPaUzhvM:LES7wiWMNeBfpKLlMSdzhvM
TLSH T1FA45E0213364DB27E07A97FA5531A4A00BBE2EA6682DD62C1DD139DE0A33F414F19F53
TrID 36.1% (.SCR) Windows screen saver (13097/50/3)
29.0% (.EXE) Win64 Executable (generic) (10523/12/4)
12.4% (.EXE) Win32 Executable (generic) (4505/5/1)
5.6% (.ICL) Windows Icons Library (generic) (2059/9)
5.6% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
165
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/349934/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
83%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/63b7f12440e878e304232543/reports/8d4ea560-bcde-42d3-8c99-8e915115f7c3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/294734da-a536-471c-95bd-8ed98a8eaa98
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1146375
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c4d0ae12284bb7e5ba3788d24d6dcc78049b76b9aac5989ac9114837efa8f394/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-01-06 08:44:56 UTC
File Type:
PE (.Net Exe)
Extracted files:
31
AV detection:
20 of 41 (48.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ytik4erijo36lorxrdje23ompacjw5vzvlczrgwjcfedp35i6oka._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230106-l1nfdaff49/
Verdict:
Informative
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/8bff1409-0070-451c-85b6-d9fe8bca1f10
Unpacked files
SH256 hash:
c4d0ae12284bb7e5ba3788d24d6dcc78049b76b9aac5989ac9114837efa8f394
MD5 hash:
ee9bd98d85e76d420636d5d0025b1495
SHA1 hash:
f624eeb403834e3b620fbb79590d868f2c48ec04
Link:
https://www.unpac.me/results/33bbb102-e375-4505-aff8-45252beb5fcf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c4d0ae12284bb7e5ba3788d24d6dcc78049b76b9aac5989ac9114837efa8f394

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c4d0ae12284bb7e5ba3788d24d6dcc78049b76b9aac5989ac9114837efa8f394

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/349934/
  
URLhaus
https://urlhaus.abuse.ch/url/2405528/
  
Delivery method
Distributed via web download

Comments