MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea22f746189bf2d6ad50b7e04bf79cc153ce431f04dd2c5437632949d7eb66d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea22f746189bf2d6ad50b7e04bf79cc153ce431f04dd2c5437632949d7eb66d0
SHA3-384 hash: 816e21970a3c10031b9bd8106b4c36523776f4a9e933fdb26625818eb475cef5b1b4e54785642b381c0450a5e0cf9313
SHA1 hash: 9dea14475523a9162b846d5bbe1eb93c8066d6ee
MD5 hash: 9aba46c9fa485955d8fc0f10619c47af
humanhash: thirteen-football-hydrogen-sad
File name:e7873f9.exe
Download: download sample
File size:467'456 bytes
First seen:2022-10-20 07:30:05 UTC
Last seen:2022-10-20 09:23:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:ddb4yz52wbK+Eoc6uika9oszP8qjdqaOgk8V8xSGY8lw:d+yzAqETikaHLcatZ8E
Threatray 507 similar samples on MalwareBazaar
TLSH T1B4A4019B42DC1F21EA3ACFBC7A1B6B0993FBD2EA4D94D5197472648B9EC734B5390001
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Reporter GovCERT_CH
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e7873f9.exe
Verdict:
No threats detected
Analysis date:
2022-10-20 07:32:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/80e99b09-68db-4343-b923-b0083ec285c2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/321922/
Detection(s):
SecuriteInfo.com.Trojan.PWS.StealerNET.122.32375.32622.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6350f937a67b0a5ed57a8405/reports/ffde237d-d2f3-4f77-946d-b24eb68e66ea/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/f6c1fab5-d561-430b-a10b-175d5fd2b8ff
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1093984
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 726606 Sample: e7873f9.exe Startdate: 20/10/2022 Architecture: WINDOWS Score: 52 19 Multi AV Scanner detection for submitted file 2->19 21 Machine Learning detection for sample 2->21 6 e7873f9.exe 1 2->6         started        process3 file4 17 C:\Users\user\AppData\...\e7873f9.exe.log, CSV 6->17 dropped 9 RegAsm.exe 6->9         started        11 RegAsm.exe 6->11         started        13 RegAsm.exe 6->13         started        15 2 other processes 6->15 process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ea22f746189bf2d6ad50b7e04bf79cc153ce431f04dd2c5437632949d7eb66d0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-10-19 06:26:48 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
4
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5irporqytpznnlkqw7qex544yfj44qy7atosyvbxmmuutv7lm3ia._file
Verdict:
unknown
Similar samples:
3a64393091b5986993f20990f8709a8e0e06375d692b5721c216eda9782c6f5d
4545f4eb2f04f075efdee44e3c2f98e31b5d3c25a258614cc6c85f8ea9cfd1e4
6b7204b9938cdc7e24b589faac4e12ed848c7121269899614b38bc95784845b9
7157ea22835284e4b38c05ac415ead575656efa2389f74dcfbb8ab910031427c
7497edc571612474fa977fb41380c3a95b2912b2cda52898dc0a404f067c9ee3
9316de8b3697c6a6f1fba5bc0b653cfb6202aa7429b5d203523a9768e9a772e9
a0b829fae3c9ce99cd60eda2fd16812b75b380b0f7adb3e56ead69e087c2d574
bb06bf5d8b68991bf2545a1b560b535d35ec17f870f4b53f62c31dc3d1148408
+ 497 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221020-jcc9dsbff6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Gathering data
Unpacked files
SH256 hash:
ea22f746189bf2d6ad50b7e04bf79cc153ce431f04dd2c5437632949d7eb66d0
MD5 hash:
9aba46c9fa485955d8fc0f10619c47af
SHA1 hash:
9dea14475523a9162b846d5bbe1eb93c8066d6ee
Link:
https://www.unpac.me/results/0c242105-a427-40dc-b8d0-e71fee047a65/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/ea22f746189bf2d6ad50b7e04bf79cc153ce431f04dd2c5437632949d7eb66d0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip c811fe613f2137e5ba4ed356a7fd4546174e69dcd71c203fc72eb115c98fee43

Executable exe ea22f746189bf2d6ad50b7e04bf79cc153ce431f04dd2c5437632949d7eb66d0

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/321922/
  
Dropped by
SHA256 c811fe613f2137e5ba4ed356a7fd4546174e69dcd71c203fc72eb115c98fee43
  
Dropped by
MD5 0ef5be8227fc85471807e92028a2e1c8

Comments