MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8f4fb208488f24b8fc7354e3f6ec0099486a800a713bb55fedca0a9e21e8879. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	f8f4fb208488f24b8fc7354e3f6ec0099486a800a713bb55fedca0a9e21e8879
SHA3-384 hash:	597cbe88ab5b6478550dc0be6bde8817e2f50361394906beaaa3648f8804d5ca4e4dc10491338cf842217cce4dd407f0
SHA1 hash:	8a2150529786c583b96ecc059275d134e3223cd6
MD5 hash:	9003f66a22a9276bce91b1295280ac4f
humanhash:	illinois-papa-timing-chicken
File name:	SecuriteInfo.com.Trojan.Swrort.1.11611.18554
Download:	download sample
File size:	46'592 bytes
First seen:	2020-05-01 05:38:11 UTC
Last seen:	2020-05-03 17:23:20 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	25b3acc640473b6fce722f16eff93149 (2 x CobaltStrike, 2 x Metasploit)
ssdeep	768:Ia6WUYGuLljcQG8pflHUw3dGh5ZRx/cNZumPl4ri0SQecUamn/H3RokvrOzCnbcE:Ia6ALljcQFpZUw3sh5ZRx/xnri0SQeca
Threatray	230 similar samples on MalwareBazaar
TLSH	6823F148A3E79A4CD2FB693880775E44453ABB57E8F9975D62CC301B6C72B898C24373
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-4

SecuriteInfo.com.Trojan.Swrort.1.11611.18554.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Swrort

Status:

Malicious

First seen:

2020-04-30 17:33:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

28 of 30 (93.33%)

Threat level:

2/5

Verdict:

unknown

45a1bb88d5e48989369b90d346c9d706a24c8b1205c4358b6a3bda278aeee6cf

5d4ee1d47b298efcc8475545d1d28ccaf61192def8085636e225019cced7f9cd

7f261df83598926b168c3515bde5a345dba7828d5bcbdedff5fc55cd16ec23a8

8018cda9143d0dfeddb6ef8e5e90a920d837d0bb7eea826b9ce37f3c96850859

a943fc4408c2f59f2df0afabf3836e5adae92a8f4a4b1da0270e313d8ea78445

aa840ddac1cbded575db7d3ee2d1e3102fd1c35d0a709f42209543f9913e438f

c97112bbfbe643fbde2c2b857761d81d37ed9c7619c0093443800c4ba46a4554

cbb6d89187847aab1fcff6b5d832ea80bca30bfe5520702133cab83335392ead

ea757d5009b479c116f888667fe901ed1c2f5687d26cd611df29298c17529153

+ 220 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe f8f4fb208488f24b8fc7354e3f6ec0099486a800a713bb55fedca0a9e21e8879

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/355319/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
AUTH_API	Manipulates User Authorization	ADVAPI32.dll::FreeSid
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA
WIN_SOCK_API	Uses Network to send and receive data	WS2_32.dll::WSARecv

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample