MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9f48ee07c060bd829f28387a16c8eba4ef1d2fb475fc03a09d944cc858b77fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HiddenTear


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e9f48ee07c060bd829f28387a16c8eba4ef1d2fb475fc03a09d944cc858b77fb
SHA3-384 hash: 8423274cadd93c2ec3c2073357fc540806fad6bc4c38602c69f39b526094ab8bd8ea521988b37871e15a1c7bad691ec0
SHA1 hash: e4bc7ad5b10a1368180b62271d5c7cb225e252cd
MD5 hash: 501cef283d020949cd3b1535fbf6c386
humanhash: ten-chicken-lactose-ten
File name:ea2.exe
Download: download sample
Signature HiddenTear
Create hunting rule
File size:145'408 bytes
First seen:2020-04-07 19:44:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 3072:2Y4KM+lmsolAIrRuw+mqv9j1MWLQog9FlCW:E+lDAAIc
Threatray 418 similar samples on MalwareBazaar
TLSH B3E399E1A740C465D8A79679C43BDAF3A423AE0DDC68490E2DD2FF0B7D72346402799B
Reporter James_inthe_box
Tags:exe HiddenTear

Intelligence

File Origin
# of uploads :
1
# of downloads :
2'176
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/590/
Detection(s):
Win.Ransomware.Hiddentears-7648972-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Filecoder
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 11:08:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5h2i5yd4ayf5qkpsqod2c3eoxjhpdux3i5p4aoqj3fcmzbmlo75q._file
Verdict:
malicious
Similar samples:
09f8a42b72c8fd08de050e62348c0e6d785eccf5c0b0a954347478ff4194c92c
HiddenTear
38e29aa857f36f3a0983fa2af94ca5ea0d8979cff96d0ca433d8142ac4b97935
HiddenTear
3abbeefa4827879f783af9537f3a42dd70a92c1bed43de28583b37018f2b8bca
HiddenTear
57cae1b73b5ac0a6e45828347f9db6a1671421a222f03e91dd9c231b4994ca50
HiddenTear
5d9e4abeeecf4ac855880206049246abe0f49a14bfc693349a81605478dde63b
HiddenTear
6531e27374794a93cc0ffc45aaf272e16e17138bb205ce29cf015404808575c9
HiddenTear
796f7afc0f1f4d9a1c8a35e2847d8b90edac5face4bcbfc5e020bb4a88338fee
HiddenTear
aaba8a30d1c77d489888656569a452a3d78b5be0323062c812f0670a9828973d
HiddenTear
b984f4f7320216f361cd6186586222abe979806a6e8d316404aa7092a7371acf
HiddenTear
ef75872ca98166b1d1d4099be8947f2a03c53fe8444a443097943d55352a2de0
HiddenTear
+ 408 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/590/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments