MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2a5f032f531b0dba4379de8da36ad1e5617d4b5630bfeeb1db7ca75cf976dcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e2a5f032f531b0dba4379de8da36ad1e5617d4b5630bfeeb1db7ca75cf976dcc
SHA3-384 hash: ac0e2c2d3a8c8904e9f530d1e644c033505d8dfc832b7741b46ea02ad0d76356003ab5566e4a58b896ce2d859b943e27
SHA1 hash: 372f76c2c637d3ff96a9851a5a63adb8b5a3033f
MD5 hash: 4a3b3aa0b72d467be7321ceac9d3db92
humanhash: colorado-river-high-vermont
File name:iqbtcvforWiTEi.bin
Download: download sample
File size:656'896 bytes
First seen:2020-07-20 10:57:55 UTC
Last seen:2020-08-02 07:34:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:oeIdz1AOQ71q9I6/kldSCGDyaod+ik4g8y3SoDOD/hqCjhZCdBUk:oL1AP7OPW2rEloDahqO
Threatray 41 similar samples on MalwareBazaar
TLSH 02D4D0C83A40940EC59E1EBA5E52CD708370AD46F6F3E34727C66EDE297E39BC905291
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
3
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28965/
Detection(s):
SecuriteInfo.com.CIL.HeapOverride.Heur.20357.UNOFFICIAL
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/391385
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 248085 Sample: iqbtcvforWiTEi.bin Startdate: 21/07/2020 Architecture: WINDOWS Score: 80 31 Antivirus / Scanner detection for submitted sample 2->31 33 Multi AV Scanner detection for submitted file 2->33 35 Machine Learning detection for sample 2->35 6 iqbtcvforWiTEi.exe 2->6         started        9 iqbtcvforWiTEi.exe 1 2->9         started        12 iqbtcvforWiTEi.exe 2->12         started        process3 file4 37 Antivirus detection for dropped file 6->37 39 Multi AV Scanner detection for dropped file 6->39 41 Machine Learning detection for dropped file 6->41 14 iqbtcvforWiTEi.exe 2 6->14         started        16 iqbtcvforWiTEi.exe 6->16         started        29 C:\Users\user\...\iqbtcvforWiTEi.exe.log, ASCII 9->29 dropped 18 iqbtcvforWiTEi.exe 1 4 9->18         started        21 iqbtcvforWiTEi.exe 9->21         started        23 iqbtcvforWiTEi.exe 2 12->23         started        signatures5 process6 file7 25 C:\Users\user\AppData\...\iqbtcvforWiTEi.exe, PE32 18->25 dropped 27 C:\...\iqbtcvforWiTEi.exe:Zone.Identifier, ASCII 18->27 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e2a5f032f531b0dba4379de8da36ad1e5617d4b5630bfeeb1db7ca75cf976dcc/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 10:59:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0ff038b8766060a9271421332d144e11a9d2c7001375551dae3f3c195a33fbf7
2d0e112a742f88579d78f0a2feab230d56bc2d4e5c8b07ec4fa5ef45f482b11a
4457784cd62e015367ddc6a5a283b8065808ea05d483e04159624e7f5a94b1fc
50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46
5258ca686922497380fdc5c7b379d805c914ba774ad6d6dc5b0455e5ecd8414c
54828c080b94bdbf7bc08ff7a3fc69fa5a91d1b067d2997af8ef60c0304b4aed
5ea87704ee73ec6165288907824fe246c4d8bb4f0599ba234973cfd79357a4d0
d5981944f6c22372071e6086b7952be5a8bca3b4961030bea0ed4eacc8f6c096
d638daafd94dacec287bbbce2662a4f8e35f21f7dfb5905ac4b5295504431a0f
f84fb6d4efc2d260e4afc8515a01646621b32a5a8e767d7f0056a3e3f0f9aacb
+ 31 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200720-4l746pq3qs/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e2a5f032f531b0dba4379de8da36ad1e5617d4b5630bfeeb1db7ca75cf976dcc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e2a5f032f531b0dba4379de8da36ad1e5617d4b5630bfeeb1db7ca75cf976dcc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/415181/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/28965/

Comments