MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5bb41f0b9152ac5d02813ce63c2873774893e93eab880577ef7a3d4e3810c23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: c5bb41f0b9152ac5d02813ce63c2873774893e93eab880577ef7a3d4e3810c23
SHA3-384 hash: fb1e60d957550c6f2083fcf39ce1ec33d914690290e023e3f49fe3c93371d2c9f011cbd7038ab61edda27812059268cb
SHA1 hash: 37ddefa52bf1c0ffeaaf03fd4579b8a5142619c7
MD5 hash: 85c111751c387dae7ca4989ac06534d2
humanhash: mirror-don-stream-princess
File name: SecuriteInfo.com.Trojan.GenericKD.42992278.11741.10532
File size: 349'696 bytes
First seen: 2020-04-16 21:35:57 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 3072:+BbkrbtxNyGxuLngu8xwAvzmUXU9G6Knri/0XBrVBkYZZ09lpyvAnY/:qIbfN6vCwA7mBDG09lpyvAn
Threatray: 21 similar samples on MalwareBazaar
TLSH: CA7429E6A7465585CC22ECB50D62E8D8F2619C73F4DA07D1CB743DFBD8325A0DA42E12
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Gathering data
Threat name: ByteCode-MSIL.Trojan.Gdsda
Status: Malicious
First seen: 2020-04-16 18:56:13 UTC
File Type: PE (.Net Exe)
Extracted files: 5
AV detection: 23 of 30 (76.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c5bb41f0b9152ac5d02813ce63c2873774893e93eab880577ef7a3d4e3810c23 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (GUARD_CF) | high

Comments