MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f057a1771e9bd14820b5eda119a0a19508a984546ddbed9a356f44178bd24b82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f057a1771e9bd14820b5eda119a0a19508a984546ddbed9a356f44178bd24b82
SHA3-384 hash: 277246a55e678425d0866ace2741d0bac6e68cafee2e841c3ffc94b85a3cc97ea9acf934bae1433d2b274c29421a4f4a
SHA1 hash: fe067dded27b53453cd4b0360088f408fcac17b2
MD5 hash: f0e54257937a0cce319faf635a3e1f98
humanhash: july-glucose-pizza-network
File name:f0e54257937a0cce319faf635a3e1f98.exe
Download: download sample
File size:2'798'224 bytes
First seen:2020-12-16 08:10:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 49152:KqD1ljOKqEA2N+MfL80MIhthlvWk4HqlP:KqxljOKqEAk+uL80MyPlvWkZlP
Threatray 48 similar samples on MalwareBazaar
TLSH 07D59D583C43305FBA8A01B056DB66E892D63019197127398C6B68BCD91D9BB7CDFCB3
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://icy-beppu-4146.under.jp/OSW.exe
Verdict:
No threats detected
Analysis date:
2020-12-15 23:57:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c302b236-c18e-4b8b-8db2-a0866aa5c3f6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108271/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/564021
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 331096 Sample: bdp1F9lLQn.exe Startdate: 16/12/2020 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 bdp1F9lLQn.exe 2->6         started        process3 process4 8 WerFault.exe 20 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f057a1771e9bd14820b5eda119a0a19508a984546ddbed9a356f44178bd24b82/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-16 08:11:05 UTC
AV detection:
9 of 26 (34.62%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0df2eaf3f216575fde216ea22e4a56d352d14f78b0fcc3453799bd9563053899
1a9644d007b728f70a743529ea97b910baf33351a405d35c065c4d7eccda2b2c
1e2ced0bf97c8caa6021784418f2edba1d0e618034fa15d83a0e8896e0936993
240303beafbfd30a045100616a1f696ee7f0b3822705881ae5f3cc2c3f371339
61f8d11bd98b3fca7ab5239e2fd784d5126617813f7f2c358d32c73eb1686417
7fd71eaed1bde9227d0df97ddf9fdde6a21a4ad14840ba9da30847b0ea2136e0
a759e32021435c8998b407e6507bfb9b3d753daef9344af0c90cba74bb9a2fcc
c715ce8e0a9a7a56e405f5d8ab9c20784c0380dc9fac45ee5f091f332bdb6b6f
c805a81435618323cd34e9729b058df78e9c496d1d6c752cc3e5c7cb30f26613
dd7f0e91b03b789878c81bc9677686df20e858989c69ee2002e90cc86e033c6b
+ 38 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201216-1pbrrgq4gs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
f057a1771e9bd14820b5eda119a0a19508a984546ddbed9a356f44178bd24b82
MD5 hash:
f0e54257937a0cce319faf635a3e1f98
SHA1 hash:
fe067dded27b53453cd4b0360088f408fcac17b2
Link:
https://www.unpac.me/results/f79aacba-3757-4b31-a28a-5f90982d45bd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f057a1771e9bd14820b5eda119a0a19508a984546ddbed9a356f44178bd24b82

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f057a1771e9bd14820b5eda119a0a19508a984546ddbed9a356f44178bd24b82

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/919873/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/108271/

Comments