MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4d429efd24ae3380efb7e78fb6939ba858836bad9ebebf5cb92e399202eddad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4d429efd24ae3380efb7e78fb6939ba858836bad9ebebf5cb92e399202eddad
SHA3-384 hash: a14772d9c5e9282ac7aadc2397fdc17f53ed47e2898390f87f08254834f92c8a64e8c585da9ec08f72fb75781243f0c1
SHA1 hash: b4477abde71f3fd86bb678bf3506b4a235055d83
MD5 hash: 49d33f35ffe1ace13ef8381813d0b8dd
humanhash: muppet-twelve-pasta-high
File name:c4d429efd24ae3380efb7e78fb6939ba858836bad9ebebf5cb92e399202eddad
Download: download sample
File size:677'888 bytes
First seen:2020-11-15 22:53:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:LT9KA+LOD9SETglMSR9oqGtlLry3TYJ7UAGkoDFDiRjTRj62uMK0TL/Ff0KY5ns:YAEOD9dTglMLq0UAG1DNiRjdj7X98zns
Threatray 8 similar samples on MalwareBazaar
TLSH 6AE48D1773449B21C77926B8C0EB542493F2D9AB5333F7A93E8412DC089635BFE4A64E
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/538189
Signature
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c4d429efd24ae3380efb7e78fb6939ba858836bad9ebebf5cb92e399202eddad/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-11-15 22:54:32 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1acdf1fa101a7f3d7c59bdc7494a67879a0b1b0410122072f73ecf3cc8eff5e9
1af23919d3e943f51b279e81dd75b9005ed22e550817e5e76eef825864e600d3
2a03af662a64d3deb050b7a329060214b46dbb817aeb1fed697929b3db962388
6f7f2ea8d98aa55fdeacc91fdbe55edd4ad238ee0cbc55b98058411e6f9568ea
75bc87dafaa424cba64308b349fc324d263e2a3e267c59962a79da9005caafb4
ac9585a2b073ae83bd5447fa7be6aecd242a4b70c024bd200fd691c763878fe1
dc7eca029a78b39613bff941031b613939680b1d019cc6ac84960263232b22e3
f9911b3afb169b55efa561019120d2a33ba6b1485fe70e16a70833725b6a3242
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201115-wz1q9geays/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
c4d429efd24ae3380efb7e78fb6939ba858836bad9ebebf5cb92e399202eddad
MD5 hash:
49d33f35ffe1ace13ef8381813d0b8dd
SHA1 hash:
b4477abde71f3fd86bb678bf3506b4a235055d83
Link:
https://www.unpac.me/results/dd023aeb-5f28-4fe8-ad6b-c654047b8563/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c4d429efd24ae3380efb7e78fb6939ba858836bad9ebebf5cb92e399202eddad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments