MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd788c4aec3c45dd1a524971169ac0cccd3271b1a02544398494385a430edfe9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd788c4aec3c45dd1a524971169ac0cccd3271b1a02544398494385a430edfe9
SHA3-384 hash: 08ee5398cb1d8343c97ce81fa6196329f048067ac7bda05cdf84934a2a4cb589f39859c62a2a7272658aa892846889d6
SHA1 hash: 44c5a2a6f456849f9280294300f5892a8cb53087
MD5 hash: b11e1b59c55fe58bee59b66a38bc962c
humanhash: comet-virginia-sink-arkansas
File name:SecuriteInfo.com.Trojan.PackedNET.380.14044.9944
Download: download sample
File size:162'304 bytes
First seen:2020-07-10 12:11:06 UTC
Last seen:2020-07-10 12:57:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 3072:nWzhsSMyJHmpu603KCDWi4eFlP5nn01rmpU8THW:WzuSMIGu5KmWi4eL901rmpLTH
Threatray 99 similar samples on MalwareBazaar
TLSH AFF37C8832B477AFD4BBD3F589642C24A771346B4717D20A8D8324DE5A5DF82CB50BA3
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24391/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.380.14044.9944.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Launching a process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dd788c4aec3c45dd1a524971169ac0cccd3271b1a02544398494385a430edfe9/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 10:14:52 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
046fcefda9ada308cb42a92f7f3237de20c0efc259c1b7ef649d528577dfe2cf
130a1070851bfc4e41ace49185b630338cd5c108a53e0d46d09a0abb258ece6f
448b0a449c23cf6b69459242a709785a3fa1c3cae3d4399673f2e20d0eec6be0
9742adf8c511be66c57c236b2849338090c3b7cc0f7ac13f5ff14cdcbfe19912
bfbb3994c6e4d6ae2d30921757d039e004d1f5274c314765e641bf111bc0dec7
cbbdd903cc05a12c3fd5bcf2ab1a651800245e7003fcf6df5a1a7b1c362cf96c
cd9532fea4c331fed21dd929be9a963c50662e545e38a63fcae56cf13199fead
d6fb73252e37f4b2e507e97ddd633c789f7f947ee48b1e564330f4c1529eefb5
f81ffe76cfa1447a52ab6613c83933a5040b49221bb16c5a86ba416b3026240b
f892f7e0b4bcfd9084ac791d72a87a95a16ca175a154faf0a2e24da5dd205bce
+ 89 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200710-mdejdvfz1s/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Windows security modification
Modifies Windows Defender Real-time Protection settings
Contains code to disable Windows Defender
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe dd788c4aec3c45dd1a524971169ac0cccd3271b1a02544398494385a430edfe9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/410771/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/410775/
Cape
Cape
https://www.capesandbox.com/analysis/24391/

Comments