MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5ebf928e029cbd3799e7db55f61252e11ab3a821a5998b9044c0ea76aa65b20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5ebf928e029cbd3799e7db55f61252e11ab3a821a5998b9044c0ea76aa65b20
SHA3-384 hash: 06b600829fa42a5f512c274583d8fc62de5e42fa4f324a1293da7d35678615ffac136ea950b594192b8b2b7a8fc4aeda
SHA1 hash: 6411ca9abd480e6ef45291843e8e7dfbc85ff7b0
MD5 hash: 9f6215f166653c320ed7e749d6114cdd
humanhash: autumn-bravo-hydrogen-green
File name:9f6215f166653c320ed7e749d6114cdd
Download: download sample
File size:1'993'728 bytes
First seen:2021-07-29 11:28:52 UTC
Last seen:2021-07-29 12:46:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 49152:BGoOaVzui+hZiGDP5jracR106F7/LNW0AFtfELStScik:0Baxu7iyBWcR1L9/LsbFtfELu4
Threatray 39 similar samples on MalwareBazaar
TLSH T1519533CD6BA21678F1428E3D84B98C7B3F3EDB54AE9606E0137C178959C3F1C96913A1
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9f6215f166653c320ed7e749d6114cdd
Verdict:
No threats detected
Analysis date:
2021-07-29 11:36:12 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/30102fe8-2a28-40d4-976a-40e538fc1f9a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174999/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.943.26908.25220.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/251a0fa5-6137-4803-8afe-6e8e2f3b9f15
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/823775
Signature
.NET source code contains potential unpacker
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 456186 Sample: 2Oz0mlnoqB Startdate: 29/07/2021 Architecture: WINDOWS Score: 72 46 Multi AV Scanner detection for submitted file 2->46 48 .NET source code contains potential unpacker 2->48 50 Machine Learning detection for sample 2->50 8 2Oz0mlnoqB.exe 6 2->8         started        11 services32.exe 3 2->11         started        process3 file4 38 C:\Users\user\AppData\...\services32.exe, PE32+ 8->38 dropped 40 C:\Users\...\services32.exe:Zone.Identifier, ASCII 8->40 dropped 42 C:\Users\user\AppData\...\2Oz0mlnoqB.exe.log, ASCII 8->42 dropped 13 services32.exe 6 8->13         started        17 cmd.exe 1 8->17         started        19 cmd.exe 1 11->19         started        process5 file6 44 C:\Users\user\AppData\...\sihost32.exe, PE32+ 13->44 dropped 54 Multi AV Scanner detection for dropped file 13->54 56 Machine Learning detection for dropped file 13->56 21 sihost32.exe 2 13->21         started        24 cmd.exe 1 13->24         started        58 Uses schtasks.exe or at.exe to add and modify task schedules 17->58 26 conhost.exe 17->26         started        28 schtasks.exe 1 17->28         started        30 conhost.exe 19->30         started        32 schtasks.exe 1 19->32         started        signatures7 process8 signatures9 52 Multi AV Scanner detection for dropped file 21->52 34 conhost.exe 24->34         started        36 schtasks.exe 1 24->36         started        process10
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-28 19:44:00 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
3
AV detection:
18 of 46 (39.13%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
57430cbbfebdef7c54698b00102dbd2098aef53ba4bd5fa43660c2e306f53482
995ab2c020f8d8ac61c6c5e2bfdd383f2134a6463ea2ba218337b80b639e13cd
b1c5fd5c0f6a2760eb638414d9bf9b7536b81f45edbd9d509dd085346c67a6ae
c0b57dd5b03e87a86866c7785e7e5356387c4d3b012b97ae57c6c27e664834c6
c6c9d678a3313c5bb7fe71194a2a1e4d3ffca2f04252dd1983ba657cfe17320e
e08f276f148db04bdcd9fe52e5418b06572a5c537e5610d1ef711591c6d416bf
e481e934466d3e768442331a3c3af50c4d430b6ed14059afbe661925338ef531
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210729-1dsfpc9n1a/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
e5ebf928e029cbd3799e7db55f61252e11ab3a821a5998b9044c0ea76aa65b20
MD5 hash:
9f6215f166653c320ed7e749d6114cdd
SHA1 hash:
6411ca9abd480e6ef45291843e8e7dfbc85ff7b0
Link:
https://www.unpac.me/results/b23ea7eb-54ff-4f02-b26e-fbd6901991a8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e5ebf928e029cbd3799e7db55f61252e11ab3a821a5998b9044c0ea76aa65b20

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e5ebf928e029cbd3799e7db55f61252e11ab3a821a5998b9044c0ea76aa65b20

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1489723/
Cape
Cape
https://www.capesandbox.com/analysis/174999/

Comments


Avatar
zbet commented on 2021-07-29 11:28:53 UTC

url : hxxp://194.226.139.141/Minerrr.exe