MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c582dac0f0f94c07579c35ab71f62b25bf499123d3bea89a33a6b8a80ee3325c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	c582dac0f0f94c07579c35ab71f62b25bf499123d3bea89a33a6b8a80ee3325c
SHA3-384 hash:	4e79dc1f52f9f084fcc9bd6e89715849ccde248dfd834d1518de650d72535fbe3e0ae4d4193b6d71b078ccdc21742140
SHA1 hash:	8cc64da8e67d02e855cc5940b93d30da242d78ce
MD5 hash:	53bba5a14c6a6d06209707a79d929678
humanhash:	carbon-tennis-bulldog-apart
File name:	Cargo AIRLINES CSR.exe
Download:	download sample
File size:	148'992 bytes
First seen:	2020-11-16 09:36:11 UTC
Last seen:	2020-11-16 15:04:51 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	1536:eDO4TziVQ72n1bPTFO0vuqdvLWgM24EuxZHtEv4VARMlbYm5ZuMc1SSdlxHe:Ezb7K1bPTF1dTnAvZZ0Pe
Threatray	57 similar samples on MalwareBazaar
TLSH	14E31A66B9BAC411E3498533E2EA750403B2F7C397D7DE09375DB2200AD67EA3C4958E
Reporter	cocaman
Tags:	exe

Intelligence

File Origin

# of uploads :

3

# of downloads :

98

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Siggen11.19125.29454.15486.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Using the Windows Management Instrumentation requests

Enabling autorun by creating a file

Result

Gathering data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/537364

Signature

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c582dac0f0f94c07579c35ab71f62b25bf499123d3bea89a33a6b8a80ee3325c/

Threat name:

ByteCode-MSIL.Backdoor.Crysan

Status:

Malicious

First seen:

2020-11-15 22:26:34 UTC

File Type:

PE (.Net Exe)

Extracted files:

3

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ywbnvqhq7fgaov44gwvxd5rlew7utejd2o7krgrtu24kqdxdgjoa._file

Verdict:

unknown

Similar samples:

1e9ff9549343dcb17dcb137508657a94e5503579e0e0741443b27c732b62fa5c

290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3

365759dd03965a10bfb50c17454055b0272a0cf33b78aa78441ab6cc996e1090

4c8728146976e30a09321d1e158aeeb46908c54fa8614ccef7fbc9761956eca4

51a081994bc33b6874d4864cb47a14e4cb8e7eac7100abdfa391f89befb7b37e

7029f74bfaf5637a25dad61b7a7462141833886ac9637790d0fdaf7e72d84a3f

7a844a73345acfd4a047d76088829ba790ae67a7d3a3527feecb290c6dbfc3bd

c0b81523511df7b87111c6d4d849f08326e22a15adeb15a203feb8ce5ca56a75

e7f93c2a012002bd558069f5d5d7b20ee1df9ecade97d85f6edd9e0b66be0623

f4c25b70ae9ea0c7f4a7f028011167b7154ded11a0b8e90b1c7570ba9af1f2f2

+ 47 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201116-wtkzrefprx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

c582dac0f0f94c07579c35ab71f62b25bf499123d3bea89a33a6b8a80ee3325c

MD5 hash:

53bba5a14c6a6d06209707a79d929678

SHA1 hash:

8cc64da8e67d02e855cc5940b93d30da242d78ce

Link:

https://www.unpac.me/results/974ca8f0-c966-45ce-901b-9c070fa1ff2f/

SH256 hash:

18489a580971ff76b9a1e1d5be16d2add36ea3d4978ea5f9a50c3c09482bed1a

MD5 hash:

50022c7246c2e689c4b514b7dfd9c0cb

SHA1 hash:

7d3a8460265bb189f59dce7dfc093ba6559dcbc9

Link:

https://www.unpac.me/results/974ca8f0-c966-45ce-901b-9c070fa1ff2f/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 35d4fe98ae0509221e65c50a5c9874c74641bd88bdd16fbe90cad4a3a0fe94b9

exe c582dac0f0f94c07579c35ab71f62b25bf499123d3bea89a33a6b8a80ee3325c

(this sample)

Delivery method

Other

Dropped by

SHA256 35d4fe98ae0509221e65c50a5c9874c74641bd88bdd16fbe90cad4a3a0fe94b9

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample