MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd1738432d7890e5251a9a673f0114b04045e7b4a4dd4d70705e777a1c63fc82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd1738432d7890e5251a9a673f0114b04045e7b4a4dd4d70705e777a1c63fc82
SHA3-384 hash: 1fcae4b94786db41753893e5bd109f44be2f74971eb4a0f9394b90a7a9cfb128b5bc03e7e17763f961d7b101c80b8219
SHA1 hash: d059fb45b954b6e402660c0cce7f5476d703ce80
MD5 hash: d82d569e1ad4f137cebd572ee786e440
humanhash: maine-hamper-batman-carpet
File name:SecuriteInfo.com.MSIL.GenKryptik.EJKL.19607
Download: download sample
File size:541'184 bytes
First seen:2020-05-01 05:38:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 3072:fMxoXzmEqO0uNziT/h2boQn1Ri3gfY5mmplvMVxA95nJun+bgg21T49hIoUSPa+b:GAzmG0BZQn1EpxpR46rA+Eg21cbLPem
TLSH 2FB4DF267AA5E836C0014A39CDA8C5F95572BF58EE24820776E2FF5F3BF72068815351
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EJKL.19607.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 19:14:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
16
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Verdict:
unknown
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe cd1738432d7890e5251a9a673f0114b04045e7b4a4dd4d70705e777a1c63fc82

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/355314/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments