MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d701dbbe5d989ef6ec473fbf061f93291ad3bf8c78796fd55afca9b5ba18872c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d701dbbe5d989ef6ec473fbf061f93291ad3bf8c78796fd55afca9b5ba18872c
SHA3-384 hash: 5b82b5500ab76f80b5e3948c01b941b6d70f87dbba3469cc823290acc5621001d028b5bd8a436f4173761ef03e5cbad1
SHA1 hash: 84c5b9bfdc8cbf6eaedb77e40e1d63e52d530da4
MD5 hash: 170e36c1745173b5c97aaf4930c235e6
humanhash: california-mexico-failed-princess
File name:SecuriteInfo.com.Trojan.PackedNET.370.23420.12919
Download: download sample
File size:2'211'328 bytes
First seen:2020-09-01 14:01:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 49152:OZAmTgoSoj+Cdtc9g8SaHOY/1opP74l3qF:OfTgO3cLZHlrla
Threatray 9 similar samples on MalwareBazaar
TLSH 77A533339F6F28A9FB59CD733A9E3299768030BB5E5CDD094D930D27794A271384A123
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/54047/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.370.23420.12919.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a file
Launching a process
Unauthorized injection to a recently created process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/456681
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 280723 Sample: SecuriteInfo.com.Trojan.Pac... Startdate: 01/09/2020 Architecture: WINDOWS Score: 100 34 Antivirus / Scanner detection for submitted sample 2->34 36 Multi AV Scanner detection for submitted file 2->36 38 Machine Learning detection for sample 2->38 7 SecuriteInfo.com.Trojan.PackedNET.370.23420.exe 6 2->7         started        11 GoogleUpdateCore.exe 1 2->11         started        13 GoogleUpdateCore.exe 2->13         started        process3 file4 28 C:\Users\user\...behaviorgraphoogleUpdateCore.exe, PE32 7->28 dropped 30 SecuriteInfo.com.T...T.370.23420.exe.log, ASCII 7->30 dropped 42 Hides that the sample has been downloaded from the Internet (zone.identifier) 7->42 15 GoogleUpdateCore.exe 1 3 7->15         started        signatures5 process6 signatures7 44 Antivirus detection for dropped file 15->44 46 Multi AV Scanner detection for dropped file 15->46 48 Machine Learning detection for dropped file 15->48 50 4 other signatures 15->50 18 RegAsm.exe 1 15->18         started        22 RegAsm.exe 15->22         started        24 RegAsm.exe 15->24         started        26 GoogleUpdateCore.exe 15->26         started        process8 dnsIp9 32 79.134.225.102, 1548, 49744, 49745 FINK-TELECOM-SERVICESCH Switzerland 18->32 40 Hides threads from debuggers 18->40 signatures10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d701dbbe5d989ef6ec473fbf061f93291ad3bf8c78796fd55afca9b5ba18872c/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-07-10 17:06:00 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  1/5
Verdict:
unknown
Similar samples:
310cefc179408ff581586723134d97a25986cfce28d8a6ae065ac9634febc44d
7faef4d80d1100c3a233548473d4dd7d5bb570dd83e8d6e5faff509d6726baf2
8bb5235e01056ce0d340a3042095fd29cb416e8f6a8843e3db9d547177fa1313
93e653b686d01012c4034c88124c73880d0d1b3bef322763ee9643023bfe65b4
9dbd3d33f93d61659ba4cf9213ed43b694f091bd08ba634595f68576f0881fcf
ae56d57584819808e38b6b430dd066a14cc036cec568a0832de08e3f65bccc87
c70b23f2fb34022b8ba6f83b9a3317b2765be7aa5277d22b8613edf80b8a10c5
d12a70b8a6d3ffadc322706397e3bf624ffe8b1917b566686997f4012db0fff7
f86974cc3a2a1d06dcc4effe66d6e27380dd4e4e4fe254a1b88a3ea3c7e681c4
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx persistence
Link:
https://tria.ge/reports/200901-flgmagxh9n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d701dbbe5d989ef6ec473fbf061f93291ad3bf8c78796fd55afca9b5ba18872c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d701dbbe5d989ef6ec473fbf061f93291ad3bf8c78796fd55afca9b5ba18872c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/451006/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/54047/

Comments