MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5d73714c09ee0fe864523ce30b3bd1a77190adedd278861df0a3ba22bea2d9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5d73714c09ee0fe864523ce30b3bd1a77190adedd278861df0a3ba22bea2d9f
SHA3-384 hash: bce235e7e4a0674198a05dec9218b274e45288ed0886b122b90c9ddd70ed2d43409387d143627a341b896d40eadbbd22
SHA1 hash: 0dcdf961da9fe9e4b3e1e70895a9e3bea43b8487
MD5 hash: 4141eca3c3f8fef9dd9386f5a97d1730
humanhash: fruit-artist-oven-enemy
File name:SecuriteInfo.com.Win32.Herz.B.21271.15275
Download: download sample
File size:876'032 bytes
First seen:2020-05-12 11:35:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a70f3f17e18e94928f7115f310a1dc4
ssdeep 12288:qR7dtc1O3OkzOISVUQdnA5320udekj0I1y3dsz2+L/LAYaGDlK:qnu1jdIEHd0udekQrsS+LkYPxK
Threatray 54 similar samples on MalwareBazaar
TLSH 7A15CFBE9712A702E0FC2BB043D3DB64146E1A90F2518217C5B11F597F53BE8BE86B58
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Herz.B.21271.15275.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 08:56:26 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c
14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d
4245088e2600188006929bc88f455b57e849ef1748c0bda3e9bd3c4dd23ae017
77867995d1e8388230c9f71fee5e835b346bfcfef3fde418c6a773eea11b4afd
82686d76af9091e9988d8814900e65641e76d1cbedb261b9496a87708f7dd01f
987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8
ce2644d2d9973ab0a3004942cef2d74d210882bea29d8b698c7af02d308b289e
e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb
e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a
e9e099041f67a2d9aa3088393503bb566166e65fdf97447e48fe26b5447e6f61
+ 44 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/201109-s4jyyfrlma/
Behaviour
Enumerates system info in registry
Runs ping.exe
Suspicious use of WriteProcessMemory
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Deletes itself
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e5d73714c09ee0fe864523ce30b3bd1a77190adedd278861df0a3ba22bea2d9f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/361498/
  
Delivery method
Distributed via web download

Comments