MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d93721684f193337a1698c1c91411af419dd78f97150713c87cb91a92d3b008d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: d93721684f193337a1698c1c91411af419dd78f97150713c87cb91a92d3b008d
SHA3-384 hash: c937718dd26cd1694f75340f0e130a88e84b94299b66e1581924fdb823d20a143c29ef352cbd72b108354db0cd136923
SHA1 hash: 9ff99fcb663bd9026970892ecb8238a6e200c1ee
MD5 hash: cabde658d98b2c6b0db0124f03543b3b
humanhash: william-iowa-cold-violet
File name: dkvegoxfbp.exe
File size: 5'120 bytes
First seen: 2022-11-04 07:54:08 UTC
Last seen: 2022-11-04 10:14:46 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: fe7c6d224ebf568f81d9827f4fbfa02a
ssdeep: 48:vpgOH/UTMvmVoWKU0vjEkBUxZ3MC602dqvLdORlBKqlpoZxRH:Bt/UTMvrU0v3273MCZ2mUwqjoZxR
Threatray: 28 similar samples on MalwareBazaar
TLSH: T135B140C769650CF0CA4ED5F919134B4C7B8A40A00BA445F78A861C0C5EF6FCABD7BA5E
TrID:
42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 198
Origin country: n/a
Vendor Threat Intelligence
Malware family: agenttesla
ID: 1
File name: Quote 51098672.exe
Verdict: Malicious activity
Analysis date: 2022-11-04 07:35:26 UTC
Tags: agenttesla

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 737891, Sample: dkvegoxfbp.exe, Startdate: 04/11/2022, Architecture: WINDOWS, Score: 52
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Processes: dkvegoxfbp.exe (started) -> conhost.exe (started)
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2022-11-04 00:30:48 UTC
File Type: PE (Exe)
AV detection: 12 of 26 (46.15%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: d93721684f193337a1698c1c91411af419dd78f97150713c87cb91a92d3b008d
MD5 hash: cabde658d98b2c6b0db0124f03543b3b
SHA1 hash: 9ff99fcb663bd9026970892ecb8238a6e200c1ee
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments