MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb580aefeab71d89497055434d2e09f655bf686c8e19db6cafba62e14b9415f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb580aefeab71d89497055434d2e09f655bf686c8e19db6cafba62e14b9415f6
SHA3-384 hash: c37f4dc4e66ceeeba5e6daeeab4a093a9e0e694a73a88f136514e307e8bf0ae9f1dcc72b5fe37ffb8e5fc73d19f68ef3
SHA1 hash: bf6daed11e9afc54b1b840d35e87b6faa5e84f68
MD5 hash: 6bd24884af333a07d32d2f523a101df5
humanhash: salami-princess-solar-oxygen
File name:SCAN_03_26_2020_DHL_COMPLETE_SHIPPING_DOCUMENTS_PDF.exe
Download: download sample
File size:286'208 bytes
First seen:2020-03-26 12:17:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'602 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:kV/NyaQJS4Kri22am09yYRFZNgXYZXF7era:kVFyaQJSdrd2109xFZNg87
Threatray 4'870 similar samples on MalwareBazaar
TLSH 1554120D37E5967FE63E4FB5B89213065375D2A1A093F3922EE5B0E11AABB6045013F3
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EHBT.27846.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 12:17:19 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=znmav37kw4oysslqkvbu2lqj6zk362dmrym5w3fpxjrocs4ucx3a._file
Verdict:
malicious
Similar samples:
163065b27e36ce19e815d862a46534b6b7a048be46562ae48c3811fb35fa3338
16de0aa2d02fae6460bb173c9104df4fa758343ab226aea79a3910dce19fa58e
347aa505ad319b4d8ee54aabe34dfc2af12b4747af23c6b635821ba9aedd0e32
41b0a4eba05ad382e109d412680e4a5a636cbc7dc6928c5de923d689f070ece4
67586cd711a0de6176d2df1bde9bf36f024f893328ae9c447bdf5e636e99502b
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
9c0d3c463792d704909de3a04cd7a6d31f8094301e8e24950af31cdc5e9f2838
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
b36d0b4952457c89f455f2333a815b0a1d7530a108bf43ea0ef1a7c17fe2774b
b7a360cf2a3651e663b82407d8aa940f66b4c7f9569fc445771d8bc17f727bef
+ 4'860 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments