MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e99f37f96959011aa58267233f120986aefa12831c9bfbff3b3cdee7914f9d7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e99f37f96959011aa58267233f120986aefa12831c9bfbff3b3cdee7914f9d7f
SHA3-384 hash: 27dfc3452f8b4b21436faeded4106826744d32ca56a1d23b5dcb5dcd8ead011f5bd31228ddcd4906d8c1ae79d2c27b22
SHA1 hash: 804bf00ef8ad8958b8e18557af432915e8f41dfa
MD5 hash: d9b0c0cdc81e2cb14927fcffb3073d83
humanhash: moon-september-fish-alanine
File name:Statement_13542 0684y.xls.exe
Download: download sample
File size:834'560 bytes
First seen:2020-08-04 13:21:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:4jlIDTHDWvRBBsG0sYyxoXQYJF9XlkDS4b:4j8bCZnsGGyxoAYj9X2
Threatray 106 similar samples on MalwareBazaar
TLSH E905E1B0B0792CA3C6B881F51812211947FA221DB4EFE7F25DDE94DEABD6F416942C13
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/38708/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Launching a process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/409455
Signature
.NET source code contains very large array initializations
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses an obfuscated file name to hide its real file extension (double extension)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e99f37f96959011aa58267233f120986aefa12831c9bfbff3b3cdee7914f9d7f/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 13:20:40 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2fcab21d4d5863ef934dd19e96379fb5e796b9ae4d77d1d6784bfc25887ffacb
47d7d58ecc205502ab85b2f74d462e55b5d1e676d71d94a2a553df482350190b
4ae56999b52479b1985ad4dc0234d26ac7954a4cf54255874f859f3cd91fc45d
7ed29b5971fdfce885116395debc7289bf0e27966e6c72e41f0e6902b30c6575
a3c44389aac31e62cd3267525d4cfebbd65c32fbaec918500b606d67b0ea62d8
b2945f293ee3f68a97cc493774ff1e8818f104fb92ef9dbeead05a32fc7006ff
eca4673c4308cb6dfd3757fcda824d93b7076fa2b2e7b2912863cdc4cb3f422e
f18587b09cc9e48c6fcc74391510ba261d04cd3a788201aec2375d97a87f486d
f54d779388028f7d64fe3b3ba616df17b5cf8244b8f42d53c00d8173c028f585
f91b7471cdeb5b3ff9ac0fbbef508f16a405631a3d3ec8014d0ad87d5e6fbcd5
+ 96 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/200804-m1phjcraan/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
ServiceHost packer
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e99f37f96959011aa58267233f120986aefa12831c9bfbff3b3cdee7914f9d7f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/38708/

Comments