MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8c450181bbbc56e1812aa2e9ff90597c5b891bc6829db74b89f51d162a4060c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: c8c450181bbbc56e1812aa2e9ff90597c5b891bc6829db74b89f51d162a4060c
SHA3-384 hash: bd6778ca29c5ed9b47e9dbe3896ee03e07a47070b664e7ba87fa0d656de285002dc45cc8d1709fdc938a3dcd15e454f0
SHA1 hash: e9a4be89e495f2aecc5bd54d4f5d37e84f3a36d4
MD5 hash: 44b0911bceba8ef942c4702501f6d5b7
humanhash: freddie-lion-sad-johnny
File name: lnkBanker.zip
Signature: n/a
File size: 7'791'879 bytes
First seen: 2020-03-19 18:43:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:jKJYguyYHvwNdNPYA0SariAP0T5j4Hu1X/H0ZnPwPwB9Pmz5Jou78Xu:0MnYPNuS0PXHuBH4+mmz5Jeu
TLSH: 967633FFBB9F206072511F4C57C9C4CD0EA0E65DABB7348B9A252708A16E0B7721B479
Reporter: @Libranalysis
Tags: banker isesteroids lnk powershell


Twitter
@Libranalysis
LNK malware with a Powershell component that is obfuscated with ISESteroids obfuscation. A detailed analysis can be found here: https://maxkersten.nl/binary-analysis-course/malware-analysis/lnk-isesteroids-powershell-dropper/

Intelligence


File Origin
# of uploads: 1
# of downloads: 117
Origin country: NL
Mail intelligence: No data
Vendor Threat Intelligence
Threat name: Win32.Trojan.Bzc
Status: Malicious
First seen: 2019-03-08 08:36:55 UTC
File Type: Binary (Archive)
Extracted files: 193
AV detection: 32 of 42 (76.19%)
Threat level: 2/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments