MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e64cc16a4434a1db6a4d0d5bad1d22f8436a97b2c0309de90922495f6d925ed4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e64cc16a4434a1db6a4d0d5bad1d22f8436a97b2c0309de90922495f6d925ed4
SHA3-384 hash: bdd09ec7ee52db43f1df8fde46d2914172c8def491567156bb898109e7ea48da5034beac0f529d888ae46d0a2007e667
SHA1 hash: b9b0b369ff04fd34c2a9299f18ee581f5c54f45a
MD5 hash: 2c6257cfcfcedd95bb0c60378e383e9f
humanhash: asparagus-bulldog-mexico-fix
File name:Toxic Loader.exe
Download: download sample
File size:3'903'488 bytes
First seen:2021-11-28 09:36:38 UTC
Last seen:2021-11-28 11:48:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 49152:1J6zKtLyI3E/BBA60PTBUupuWFOqSSx2WM1J2yPfg5bJAK8quLbZnTtfU:1VyIU/Q60P/FFO1SgWMiy3q8qu5C
Threatray 1'778 similar samples on MalwareBazaar
TLSH T13B0623AC7210B2EEC0A7C476DA6C0C74B62578BB071B8913A15B29ED9D1D887DF244F7
File icon (PE):PE icon
dhash icon 8e3361715569338e
Reporter tech_skeech
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
149
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Toxic Loader.exe
Verdict:
No threats detected
Analysis date:
2021-11-28 09:37:05 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9fc75058-a1c1-4f77-b520-441e0adbcf96

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.ADIW.12136.26671.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Сreating synchronization primitives
Sending an HTTP GET request
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/61a34dc0c4c53141481fea33/reports/126d4827-7596-4742-9f4f-98c7a3601900/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4554fc25-010e-4602-8895-2fbb455eeb78
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/897334
Signature
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e64cc16a4434a1db6a4d0d5bad1d22f8436a97b2c0309de90922495f6d925ed4/
Threat name:
ByteCode-MSIL.Trojan.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2021-11-28 09:37:23 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
6
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
19f221e3d5d01b6f9d55d2effc6922902fe43f4efcdedcba5e2d8dd836f55eca
477e132d01be6d0173535f7dca9b686ec765caccb85a12ed8ad8e4afe81d98a3
55f1305bad8076d3c22ce42ca8e8383b04e4463cbcbd6b8d846422cbd2317a05
7148bb41fee90f24843a31006add5c84e658ccc3583149c0b2b01d6b69aaeaca
7afee7db42c479f35a2b5ca2bd9603342016b3a0f73ebf3bd2e9f6ca41adf2b2
7fc3016705992d80a983c5de4cf83c1c75b3aae80c23eb00b7563cd97116181e
a26f73bdf4e245179dc1920119de2dc3b64a24f36e14ba324eba469e066bdc93
b9f69c00382263ef01dae610684fd189f82b2502b0175819362bb339b7f3878f
c87e6397cfee421392ddb68a814bc6370ff72ab3d32606ec147d66b8ed70db50
df1534cde336da3669ca6a0fc274df68ab3b76d03eb35223f3916692ede16ca2
+ 1'768 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/211128-llgpaacbc6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
e64cc16a4434a1db6a4d0d5bad1d22f8436a97b2c0309de90922495f6d925ed4
MD5 hash:
2c6257cfcfcedd95bb0c60378e383e9f
SHA1 hash:
b9b0b369ff04fd34c2a9299f18ee581f5c54f45a
Link:
https://www.unpac.me/results/8fefd04b-62bd-4033-8fce-f20c397d7c32/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.75
Link:
https://yomi.yoroi.company/submissions/e64cc16a4434a1db6a4d0d5bad1d22f8436a97b2c0309de90922495f6d925ed4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e64cc16a4434a1db6a4d0d5bad1d22f8436a97b2c0309de90922495f6d925ed4

(this sample)

  
Delivery method
Distributed via web download

Comments