MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee93164d6493fe2cbb9382928a863ef04651f0c1ec81409c4601349b19db57db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee93164d6493fe2cbb9382928a863ef04651f0c1ec81409c4601349b19db57db
SHA3-384 hash: 10417675864e69ee23692e32fa57d4aef635e86c9f1dc9a92e07e57aeab8fec90cf7ef8ace7f736ee2d6173799d4a0d8
SHA1 hash: b2fd1b1f7c3689db334b601b173d4ff16e6e8423
MD5 hash: f8d6a59b9140fb6af43ae918a7eeb246
humanhash: alaska-wyoming-nebraska-oranges
File name:SecuriteInfo.com.Trojan.GenericKD.36471472.23613.15859
Download: download sample
File size:57'568 bytes
First seen:2021-03-09 10:49:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 1536:wnaJqXpiMTxIB6c04GqAZB2oaKlHjclKoHBjoAp4lMo14o6lePKlocAlojcBKcox:KnzIsc04GqAZB2oaKlHjclKoHBjoAp4U
Threatray 36 similar samples on MalwareBazaar
TLSH 88434E7079EAA049F0F3BF3259E53FC98E6F73E10957642E0985901BED70B89DD60622
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.GenericKD.36471472.23613.15859
Verdict:
Malicious activity
Analysis date:
2021-03-09 10:55:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/034c6d54-7b32-4332-aa44-2a3d755178eb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/123144/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36471472.23613.15859.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending an HTTP GET request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/632576
Signature
Binary contains a suspicious time stamp
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-03-08 18:43:23 UTC
AV detection:
10 of 27 (37.04%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
0024c03b214910f21e99a8444a63a33f07ee1fb54aa63a9d88e4cc97e00d0bb7
07c81cceba2e04d6daebd227f37525bd931d19491dc6dc903e99b0176f1a9252
8409519ab2c6e5ca0e85e40216c98444ac257a491fa8849ce4b3b320df0a0566
8a58d7ff020f9f961e49e4d08d7ffbd6a5abf3db0f9a073be42962140e495086
8ab03364f559f29d882b3c23644e5415892de5798e7f6509a094413d3a4f550c
8f27be1ecb81ba8321027a1ad30f3edb5c4e6317c38facdd8059847de2f8f72b
93dcb5e481c554ccc133ee14c20fcb50739cabc678759030fc39c2d9469c71a9
adbfaef61c436d79f0ab2c890570f73ae979609feafd21d9932e86641aac05dd
cbf445acf88f00bf98448420369d09bb35264d53667272e3363fae6378fa7a1b
d2fdd26effc669ec89f294c59ba3bd55a698c75fe89404655b6b010ef76f2237
+ 26 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210309-jqpyn48zcj/
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
ee93164d6493fe2cbb9382928a863ef04651f0c1ec81409c4601349b19db57db
MD5 hash:
f8d6a59b9140fb6af43ae918a7eeb246
SHA1 hash:
b2fd1b1f7c3689db334b601b173d4ff16e6e8423
Link:
https://www.unpac.me/results/c3d06ef2-0b09-458d-9da4-42422f7b6e05/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dropper
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/ee93164d6493fe2cbb9382928a863ef04651f0c1ec81409c4601349b19db57db

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ee93164d6493fe2cbb9382928a863ef04651f0c1ec81409c4601349b19db57db

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/123144/
  
URLhaus
https://urlhaus.abuse.ch/url/1056298/
  
Delivery method
Distributed via web download

Comments