MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3a28e90f554b6aea1e64368d44426f3da26e69396e0f7b19bc3d9011fa1d788. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3a28e90f554b6aea1e64368d44426f3da26e69396e0f7b19bc3d9011fa1d788
SHA3-384 hash: b621bd88e9b3596f7c6c1061a8acbe6cec9fdfd73c917c4c2088fdca5df0b5fc9fe6f31e59fd18b80176713e077a35ce
SHA1 hash: 385fad4f043f9d1e5abfdf4e3c50d50759e001f1
MD5 hash: 0afd3c523727da0991e06e8c118fdf8c
humanhash: undress-cold-river-idaho
File name:e3a28e90f554b6aea1e64368d44426f3da26e69396e0f7b19bc3d9011fa1d788
Download: download sample
File size:2'182'656 bytes
First seen:2020-03-23 16:25:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 49152:MVrPaQtmbIMc7YCqIltxmZza0nAaxD2h7EhE5MhqkquvQvQZz/YnSSiFHPcJz9XK:MVrPawmbIMBCqIl3mlFnAaxD2h70wM0U
Threatray 13 similar samples on MalwareBazaar
TLSH E7A5025275459CA8FEBE5731F0E47A2CC3F4338371E9A86E0EDD294111A56C8B93988F
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.generic.ml.12432.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2019-02-08 09:04:47 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
011a4b06a1a31fec0e9d5a013b9721f4e30f0ec963d07c42cb1d0e41c30df389
4e8ddcec5c75934d0418b3f5f66c20925bd67b6acda0bb0c3a0ee684865a6e4b
67e4afe6e9701d2970eb3b62da0676750ba3e861801414f2036f3ec039b2e56b
720f6f2a125359d8b85eea767c95d0059cb46eba2fc05a53bcfbf73b5bfc8531
72146e890efa1de6ee90e445ceb11ad9dc3b053fa5e82757756a393ee4617a77
97699d9ff91d55ce4a2088d750783a4838a34e99399b3a4501b35c46d8797f08
a1438fd2ecd8a17372fde0f4920d510bce698eeb2eec5d29d67fbc15523d2e1d
cbaf28d8fb7addec023228bbdd6a5062e875070bc16452c15515792b78855000
e1c5d948acc6e111d7ac16afb0d2474163fa478595caa8751afd266d71f0a9e8
e4b9d743c8ae9db1c7232c68e57d98efb5906a00b00ad5d9ab105ef1695de7c8
+ 3 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e3a28e90f554b6aea1e64368d44426f3da26e69396e0f7b19bc3d9011fa1d788

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/119938/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments