MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddf2740467d31c8b672bf66d71d9e4a59c04baf15c63752abfffe37e90c496e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ddf2740467d31c8b672bf66d71d9e4a59c04baf15c63752abfffe37e90c496e4
SHA3-384 hash: 7ed82fc172d90a502570a646fb78ca297dceb477f0f5ec1f80798b55ed8a84b1ed1fa387083896aa092381e25867a7e8
SHA1 hash: 6f3a3bc86c62dd84180675e02a928d06167eec84
MD5 hash: 1e00c034fe9dab4478a8a5b88df04b49
humanhash: london-emma-princess-xray
File name:SecuriteInfo.com.Trojan.PackedNET.380.31004.19062
Download: download sample
File size:168'960 bytes
First seen:2020-07-10 12:10:41 UTC
Last seen:2020-07-10 12:56:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:bShzDhvHSvP4FciLnQJokaq3+d5FKiJQvD+U83UH4:bShzdfwiLnQ+bJQvD+L3UH
Threatray 160 similar samples on MalwareBazaar
TLSH 4CF38D8436B873AFD4ABD7F58E641C24A7703177935BD2168C8314EE6A5CB82CF506A3
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24385/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.380.31004.19062.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file in the Windows subdirectories
Launching a process
Setting a global event handler
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ddf2740467d31c8b672bf66d71d9e4a59c04baf15c63752abfffe37e90c496e4/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 10:15:24 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
046fcefda9ada308cb42a92f7f3237de20c0efc259c1b7ef649d528577dfe2cf
130a1070851bfc4e41ace49185b630338cd5c108a53e0d46d09a0abb258ece6f
448b0a449c23cf6b69459242a709785a3fa1c3cae3d4399673f2e20d0eec6be0
9742adf8c511be66c57c236b2849338090c3b7cc0f7ac13f5ff14cdcbfe19912
bfbb3994c6e4d6ae2d30921757d039e004d1f5274c314765e641bf111bc0dec7
cbbdd903cc05a12c3fd5bcf2ab1a651800245e7003fcf6df5a1a7b1c362cf96c
cd9532fea4c331fed21dd929be9a963c50662e545e38a63fcae56cf13199fead
d6fb73252e37f4b2e507e97ddd633c789f7f947ee48b1e564330f4c1529eefb5
f81ffe76cfa1447a52ab6613c83933a5040b49221bb16c5a86ba416b3026240b
f892f7e0b4bcfd9084ac791d72a87a95a16ca175a154faf0a2e24da5dd205bce
+ 150 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200710-d12f85yddj/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Contains code to disable Windows Defender
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ddf2740467d31c8b672bf66d71d9e4a59c04baf15c63752abfffe37e90c496e4

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/24385/
  
URLhaus
https://urlhaus.abuse.ch/url/410772/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/410776/

Comments