MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d959ab3ffc54e02792ddc39c6109e1e72a3e48937c225c06f7692bb4f3ffd888. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d959ab3ffc54e02792ddc39c6109e1e72a3e48937c225c06f7692bb4f3ffd888
SHA3-384 hash: 3c3be244b89c9efeee53eb8c5bf78f9509a213a641d05968ae0c1f83486233e79795c74337cd1523428bae420e097839
SHA1 hash: 5b9ccd21b0ba8dc8c8540a74a2dac3a1bade50aa
MD5 hash: 79b7b9cc898ec6a19baa53da2018113b
humanhash: lithium-low-snake-high
File name:79b7b9cc898ec6a19baa53da2018113b.exe
Download: download sample
File size:48'128 bytes
First seen:2020-07-11 06:12:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 768:o/5rd1vKNreW2w0rWfbAuTka8Zp6lzYaRiciwA4Me5WEjI9Z:o/P1vcTiciwA4Me9jU
Threatray 92 similar samples on MalwareBazaar
TLSH 99230F2C7A56A233E7ACD9358B44C705B35B031B2E8C6B5D1B8F4D8259073B958A0DDF
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24557/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43471640.2420.22554.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Creating a file
Launching the default Windows debugger (dwwin.exe)
Sending an HTTP GET request to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d959ab3ffc54e02792ddc39c6109e1e72a3e48937c225c06f7692bb4f3ffd888/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 22:22:23 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
14fe0fa7e16253e53ce4c25616e08006ad09330bea8df9161a47b2815cd83067
2cba7569fc0d1b991734fdc617a03fe425edeff12546d81702254404b0bf33ab
38ee6bea62658ae4fa75914261a5848a8db5b332ddfb52daf01e958871559e15
450f426b4ce996fa470014e739db5382c6ee5b68ee53020c8ad8cac6eda7cd4b
841b9682f1bcb94cc4c510c2564791004f3d1c26ae764c42c145fe16ab093901
a0980c0b0e0c3e32a5910fc48c6a03d5e99338900f7b41d4d7ffd0c70b7354ae
bc73cd93e40c3f14501d016a393f95d4a481a5a7d2fbbf99a6dc5e2b88156885
e5093e304a50d34cdf67ee8e49713c6131d6740e664ea49d9c98682336e3141a
e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66
+ 82 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware
Link:
https://tria.ge/reports/200711-brt8l17exa/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Checks for installed software on the system
Legitimate hosting services abused for malware hosting/C2
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d959ab3ffc54e02792ddc39c6109e1e72a3e48937c225c06f7692bb4f3ffd888

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/410808/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/24557/

Comments