MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d28f197462a15e5c968d7bfa8ba66b8e3a4b9c9143abe969c682dffe590a8005. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d28f197462a15e5c968d7bfa8ba66b8e3a4b9c9143abe969c682dffe590a8005
SHA3-384 hash: 1e9303f393659a912a541bbd886c04f3017decb0142d33380c23f786394af7501c8855da16e360cd59c8042065a57f22
SHA1 hash: 4c19105c3e1e1b6fde96e6b65887b1569e433cd8
MD5 hash: ee978d3f5abd2c5b6caccb5bda628090
humanhash: washington-gee-berlin-princess
File name:SecuriteInfo.com.Trojan.Siggen9.46269.10742.30040
Download: download sample
File size:208'896 bytes
First seen:2020-05-14 14:42:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 3072:GmNYDmqq65L/7vr6v/GEY0jMJSFsLsWrBxjcv0Qr1w12aje+7cVZ:WDC65r7Gv/G+YK4sWKrCe+7c
Threatray 79 similar samples on MalwareBazaar
TLSH F5143A0433BD0779E5BA8BF85AA1A050CBB1B61E34ADD36D4DD160CF09D5F80CA96E27
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.46269.10742.30040.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 12:38:25 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2807548dd82445eeac614506066b893c6cd90c8b02c6374dfa491defc817007a
45bea748d6714e636270097d0dca1ec13a2442359b3b9bc09204cd73dfb4dae0
46e4277f443844937417375ec6befe13770c4595980c7f56996381492943e419
6bece1991883897d6c949fa8eeac82f1bc6b7fbfaf581f5b5be776c4230bd007
6e074d94e7f7050aa12711501899601b3b9e5a42c003bd20067eb3c3939332ce
89bd696df7073c78ebc27a60c79728b782ca27d1d82abc8b0d5aafea1d1d61d3
d3e61ff0f9f172da1ba0f3e59ccdb7ea480a3e9ea6e141d134df6f421ff44cc8
d9a20b5a29f7c7a81854af1fb1dfe50dc63ec6026d07d271b1d3be30b061ca0f
f397b3ef0807ca0679420810983797c017fb980df61b23ffd002299a2b502bd1
f3b33a885af940210f10df7e1c96dc388161961dcb52b6d84c3b7458d20ce116
+ 69 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
coreentity rezer0 evasion trojan
Link:
https://tria.ge/reports/201109-3mpqfwndxj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious use of SetThreadContext
Executes dropped EXE
rezer0
Contains code to disable Windows Defender
CoreEntity .NET Packer
Modifies Windows Defender Real-time Protection settings
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d28f197462a15e5c968d7bfa8ba66b8e3a4b9c9143abe969c682dffe590a8005

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/362548/
  
Delivery method
Distributed via web download

Comments