MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e478d033378ced618b0953a4a51cf1992d8839b2be0ec0f3300d66484ad1c043. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e478d033378ced618b0953a4a51cf1992d8839b2be0ec0f3300d66484ad1c043
SHA3-384 hash: 30ef964de1a26367386b18546c10826dbdba652c869de84e71651599d3e4fd0dc09ae75e868ae790f982905a10f0170b
SHA1 hash: fecb0830eba8252df0028e98e1a4de9faedd71fa
MD5 hash: 50fa25eacfca7fdba227b28ef6a4796a
humanhash: fix-one-pasta-asparagus
File name:50fa25eacfca7fdba227b28ef6a4796a
Download: download sample
File size:314'880 bytes
First seen:2021-10-02 09:21:31 UTC
Last seen:2021-10-02 10:03:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2acca7007d519418a75fa59166363dda (6 x RaccoonStealer, 5 x RedLineStealer, 2 x ArkeiStealer)
ssdeep 6144:uvLPxGgvadekg79hPJXFagb+iQu/9l9eSCQaMpjqdhdQYeIVLY:uzpfvadeV79hZJb+iQ69l9E4pm8Ie
Threatray 346 similar samples on MalwareBazaar
TLSH T1D3649F20B7E0C035F47752B945B693B8A9297EB09B3491CB63D43AEE96346E4DC30787
File icon (PE):PE icon
dhash icon b1e8ccb6f4d8f1ae
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
50fa25eacfca7fdba227b28ef6a4796a
Verdict:
Malicious activity
Analysis date:
2021-10-02 09:24:16 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/e2d5d281-13d3-4a08-aef4-738f2687a022

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/194170/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.27394.16655.29138.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Connection attempt
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5ccda9e9-3374-4f50-abc4-e40aa24a3e3a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/863148
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e478d033378ced618b0953a4a51cf1992d8839b2be0ec0f3300d66484ad1c043/
Threat name:
Win32.Backdoor.Convagent
Create hunting rule
Status:
Malicious
First seen:
2021-10-02 09:22:09 UTC
AV detection:
20 of 45 (44.44%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0fc23c2e005cdfed1a0380dd7a06dda83b882f8d392c7f157b783822d21d78a1
2fdb6f86925379ff52bbb5a5bb7ab5b53dc40d828d4a5f52c0189050b1dcb847
3789eb98cd85bdb343c973c3ac232819ff1b993e59b808eb278b364be099cc48
4253b25f9f647417d333f0f91966f6aaeac83b44b30bfcd8167ae949fb3c8500
46833cb6d7164e28570005bd33ca5a46e3d1f3666677d1a1ef541b70f98b5d14
48f9b4bc2bf75c03449857ff0d6b47c35ab97ed8ba444890ccdd4128d9ae1027
71536640ec28b6c7f0e1d84b33099a780ccefa60f66a7fbf5c5794a676e36f47
79d1a0d0bd8b5672374ab7c97365a6b0276efc6755900cdbdcdb77019e69457a
935099f2160f2dd5fec6a63ea02c81d80c0b2cbf712b0e48b386a81078a627dd
d4fa7e3a47f4d62d9bc0c4608aad5b43fbcb3de3272c891439a3641957bb533d
+ 336 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/211002-lbxbzseba4/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
84a84365a6078bec6e21b0357e88dffccfc7b8aeca50eb2a0dd56fb54c695e0a
MD5 hash:
63bf2a3329e29be8ed7b39044afa6d2d
SHA1 hash:
070d074192ce5380a61cb3572a8fb2188b3e25bb
Link:
https://www.unpac.me/results/374ca406-f3de-4b04-9769-0a13db1c2e7b/
SH256 hash:
e478d033378ced618b0953a4a51cf1992d8839b2be0ec0f3300d66484ad1c043
MD5 hash:
50fa25eacfca7fdba227b28ef6a4796a
SHA1 hash:
fecb0830eba8252df0028e98e1a4de9faedd71fa
Link:
https://www.unpac.me/results/374ca406-f3de-4b04-9769-0a13db1c2e7b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e478d033378ced618b0953a4a51cf1992d8839b2be0ec0f3300d66484ad1c043

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e478d033378ced618b0953a4a51cf1992d8839b2be0ec0f3300d66484ad1c043

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/194170/

Comments


Avatar
zbet commented on 2021-10-02 09:21:32 UTC

url : hxxp://194.145.227.159/pub.php?pub=mixruzki/