MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9b96af1774e8cfccad0ada463591df6cc434ca012df289d263606c116faf8b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9b96af1774e8cfccad0ada463591df6cc434ca012df289d263606c116faf8b0
SHA3-384 hash: 7ad13b9ac63b31fbf5c162e70790ef85307763a91e2813b45136e8f89b571bb9f22904410d40043b4d56f6e29749285d
SHA1 hash: e5bd6323a2151495ad1055fd5565d078fe67b16f
MD5 hash: db72079bdf34f0ca0ebffeddcfa35ca5
humanhash: ohio-seven-bulldog-kitten
File name:db72079bdf34f0ca0ebffeddcfa35ca5.exe
Download: download sample
File size:1'034'988 bytes
First seen:2022-04-21 08:48:21 UTC
Last seen:2022-04-21 09:58:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:7J8eCJk9Sxl8vpd4eEgPjuQiJ5lauIXeOHp7P1AQ:98eQuSxKvpd4ZOBWDVIXeOT
TLSH T1D425022827EC4681FBBE57FFF5B504048771B92B112BEB1D86C224DD0EA27819A5B353
TrID 49.9% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win32 Executable (generic) (4505/5/1)
9.6% (.EXE) OS/2 Executable (generic) (2029/13)
9.5% (.EXE) Generic Win/DOS Executable (2002/3)
9.4% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
230
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/265401/
Detection(s):
SecuriteInfo.com.Trojan.Siggen17.31509.29048.3040.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated overlay packed replace.exe update.exe
Link:
https://www.filescan.io/uploads/62611a81eab80a7a6c52669e/reports/86614220-a7f3-434e-b193-3caf1bfa883f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cea37b0e-2c6e-4835-ad03-3b71799ebefd
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/980525
Signature
.NET source code contains potential unpacker
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c9b96af1774e8cfccad0ada463591df6cc434ca012df289d263606c116faf8b0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-04-21 08:49:10 UTC
File Type:
PE (.Net Exe)
Extracted files:
19
AV detection:
10 of 42 (23.81%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220421-kq1saaeac4/
Unpacked files
SH256 hash:
c9b96af1774e8cfccad0ada463591df6cc434ca012df289d263606c116faf8b0
MD5 hash:
db72079bdf34f0ca0ebffeddcfa35ca5
SHA1 hash:
e5bd6323a2151495ad1055fd5565d078fe67b16f
Link:
https://www.unpac.me/results/6cb2d2a9-6a63-4c86-b9a6-3b6593c346b8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c9b96af1774e8cfccad0ada463591df6cc434ca012df289d263606c116faf8b0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c9b96af1774e8cfccad0ada463591df6cc434ca012df289d263606c116faf8b0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2118544/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/265401/

Comments