MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df54c4cf12eb9ff00568d4936f2c55a3193f6726b1a7f59c78a88a6f06488dbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df54c4cf12eb9ff00568d4936f2c55a3193f6726b1a7f59c78a88a6f06488dbd
SHA3-384 hash: e409571c0e05c34c459a79e65d762ad5c31765c81e9659e3b508f39215b3a799cace41654378505ff6cefc09c587b89a
SHA1 hash: bc33bdb3c6bcaa50f9d75dab40c9b1245f933e9c
MD5 hash: bcb227ee4519940ce9caaacafbb6f823
humanhash: black-november-blue-football
File name:bcb227ee4519940ce9caaacafbb6f823.exe
Download: download sample
File size:317'440 bytes
First seen:2020-07-08 16:48:27 UTC
Last seen:2020-07-08 17:58:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:GornzwHVEefLMJssDnpD2PI/hykWMomm:GorMmeDEp
Threatray 74 similar samples on MalwareBazaar
TLSH 05648D023249853BC1590339D4A2CF27AF35ED590362F74B7AD97AABBE2A39C0D74315
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/23281/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
DNS request
Using the Windows Management Instrumentation requests
Creating a window
Reading Telegram data
Reading critical registry keys
Stealing user critical data
Sending an HTTP GET request to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/df54c4cf12eb9ff00568d4936f2c55a3193f6726b1a7f59c78a88a6f06488dbd/
Threat name:
ByteCode-MSIL.Trojan.Chapak
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 16:50:07 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
14fe0fa7e16253e53ce4c25616e08006ad09330bea8df9161a47b2815cd83067
1ca0fa0599ad3337700cfe55be2f6d0462a7e4301f8ccfdd87167a66754e7e71
24c871a763e208ba82f7ce7df48fea42c962214954181dc72f17c9112cc74c5e
2cba7569fc0d1b991734fdc617a03fe425edeff12546d81702254404b0bf33ab
38ee6bea62658ae4fa75914261a5848a8db5b332ddfb52daf01e958871559e15
a415be3007323e2f44f88d02d2a7c5225ae795235d57aba13fa5057ff6acab61
bc73cd93e40c3f14501d016a393f95d4a481a5a7d2fbbf99a6dc5e2b88156885
e5093e304a50d34cdf67ee8e49713c6131d6740e664ea49d9c98682336e3141a
e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66
eedbb575580c9efc8e2a065c6713d388094d08b54d7d4e383ff7ee9446646241
+ 64 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware
Link:
https://tria.ge/reports/200708-hk463schgx/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks for installed software on the system
Checks for installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Loads dropped DLL
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe df54c4cf12eb9ff00568d4936f2c55a3193f6726b1a7f59c78a88a6f06488dbd

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/23281/
  
URLhaus
https://urlhaus.abuse.ch/url/407605/
  
Delivery method
Distributed via web download

Comments