MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e099242d7dceaf2629624cdb0e3cdadea490d1d0b117577e50b47dce5d86eb00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: e099242d7dceaf2629624cdb0e3cdadea490d1d0b117577e50b47dce5d86eb00
SHA3-384 hash: 2a4fd650624720b787bbc85efc4c1b495c652ad0aa7576d651bb55cf5fd3f1cac5b61c62a89257b9e0bdfc68421f8321
SHA1 hash: 9f12871e62461e6501b368ad0a7563be50a82b2b
MD5 hash: 16681628c6497e7979dd3a61080328e9
humanhash: florida-vegan-robert-island
File name: 458ca0431a72c7ce0a612177f5189faf
File size: 344'064 bytes
First seen: 2020-11-17 12:43:28 UTC
Last seen: Never
File type: Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 3072:K1DOgkrs9GGFRUueYD5J/lIWb2pp64bi/6sxgAjY0Gb2pp64bi/:MD+rs9GGFTDmWb2pcP/6PAsb2pcP/
Threatray 115 similar samples on MalwareBazaar
TLSH 6F7472541C87D925EA54AB3BD2467AE2A0223FF8BA0DEC17CB167D83F97070F1906947
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 50
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Creating a process from a recently created file
Searching for the window
Creating a window
Creating a file
Threat name: ByteCode-MSIL.Trojan.Heracles
Status: Malicious
First seen: 2020-11-17 12:50:09 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Modifies registry class
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash:
e099242d7dceaf2629624cdb0e3cdadea490d1d0b117577e50b47dce5d86eb00
MD5 hash:
16681628c6497e7979dd3a61080328e9
SHA1 hash:
9f12871e62461e6501b368ad0a7563be50a82b2b
SHA256 hash:
7d19bd1e3f62632c86ef627782d7fcffd100d78983306f643a783b9f4dda3072
MD5 hash:
159afbe93e9ba69cc6e824202128cf6a
SHA1 hash:
8170c83196f8370765173485f10dac89ace2af54
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
