MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e93ac690642535aadb1a9a22f348c5fbb54e7ba04fc1d02235bc9415d72c466f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e93ac690642535aadb1a9a22f348c5fbb54e7ba04fc1d02235bc9415d72c466f
SHA3-384 hash: 713c035823b29734b4298daca6039ed7a402bc8198545c579d95647920ce476b09eb15417d74a7ff647ccf2b96590501
SHA1 hash: abeff6776d56bfb0e3cdde66fc90c9b13fc65a66
MD5 hash: 858ee483ad06ed3a8a1a283ebe13b638
humanhash: hawaii-yankee-helium-ten
File name:e93ac690642535aadb1a9a22f348c5fbb54e7ba04fc1d02235bc9415d72c466f
Download: download sample
File size:1'426'432 bytes
First seen:2020-03-23 16:20:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep 24576:mCqZKJrziHhFPFRSjQS2LqpAxSWAe2ImO/DJzTDmmuEo4Ez:1ehFtRXBseYSnagDEz
Threatray 44 similar samples on MalwareBazaar
TLSH FF653381D5FABD88EB21133254375F2D1029FD3DA740D3A66909BB1EBB680D5F860E93
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Small
Create hunting rule
Status:
Malicious
First seen:
2018-10-23 02:47:37 UTC
File Type:
PE (Exe)
Extracted files:
11
AV detection:
23 of 29 (79.31%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
1466a3a68f3c7f673d4b8ba514bc078fadda4c009f342c077f1d6cb0710d9b72
2ba0f2e22ed07ca3188c898a0c9256fd30e878916ebe669ed52b25cb18d5ccde
2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8
4d9b89978e6ca9cf14cb1f04859e01e66c1e0dbefedd1663617647535c0b3fa0
6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986
6057a10b27aebb92f7d961ce23929dc41579f6da1dcbf28572d8c5f0ffac488b
758c9e9642b467c181548b07d7d47e32e2e37ce7298e0d89674fdbcbe13eb50e
854cd8ed0a2fb46f52cf610b77191562496c88eafa088cd2980d9c21bc3e8aa1
a618654d80abab200243945d1fb26204acb5bcc6e145656b8fb7152d8ab6a52e
b52960b7ce7ae8c007c59626859816296471b7810036baaa7b7b86c2cd6d6218
+ 34 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e93ac690642535aadb1a9a22f348c5fbb54e7ba04fc1d02235bc9415d72c466f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/70377/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical

Comments