MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733
SHA3-384 hash:	9bb1da2fc8bdde618adc078099ff844760d54b3e5a1c2d682999113f9a40fc26bb927dd4f9715d80525e17493890876d
SHA1 hash:	6379c769e997112874da5aa2b0695952e92a013c
MD5 hash:	4c1fcf062199b6d092a450fcb0d8439e
humanhash:	nine-pizza-mississippi-washington
File name:	ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733
Download:	download sample
File size:	562'688 bytes
First seen:	2020-03-23 16:19:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep	12288:rYV6MorX7qzuC3QHO9FQVHPF51jgcHI3elOr7xzTCogrb3Qlcs:IBXu9HGaVHH4elOoLrbglB
Threatray	4'848 similar samples on MalwareBazaar
TLSH	DAC422813BF9D3A8F0F65770ADBA50604936FCA1DD78D31D6064B91EA876F808862773
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upolyx-12

Win.Dropper.LokiBot-6979740-0

Win.Malware.Autoit-6979743-0

Win.Dropper.Sodinokibi-7685999-0

Gathering data

Threat name:

Script-AutoIt.Trojan.Sagent

Status:

Malicious

First seen:

2019-05-07 14:22:51 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

30 of 31 (96.77%)

Threat level:

2/5

Verdict:

malicious

1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298

2a11f8f83b6c7fc23742f76d10d013aef543026557ddcd62879a638f6fd00c52

2bde030373678bb2df1223cd3e3c4e7f2992e30739dcc63b688368f02a100067

30efd997c49aae97766539c72d72529b06f1e8522ea84e71758cde4ed1846921

38cafe26c2a04715f175182f36462f482bdbbcb1d875654b9ac1242c29f50b06

8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741

9847005465ae681d1d9533697106492027a1d55b64b0ca1b6f2a79730a5140a4

b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893

e69790e910b1817bcfb714f20fda02b6e024babd3dfcea8fa982192928a5df93

+ 4'838 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/192432/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical

Reviews

ID	Capabilities	Evidence
AUTH_API	Manipulates User Authorization	ADVAPI32.dll::GetAce
MULTIMEDIA_API	Can Play Multimedia	WINMM.dll::timeGetTime
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA
WIN_NETWORK_API	Supports Windows Networking	MPR.dll::WNetUseConnectionW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample