MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 fbfb7c45f83388daa8491bbd911ef108704b48cd058397f43248ab76c97e5182. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | fbfb7c45f83388daa8491bbd911ef108704b48cd058397f43248ab76c97e5182 |
|---|---|
| SHA3-384 hash: | cf067e2dda6d6ce9b39afc94944a0ff64392d67c1039b510cac04cd45af33106705aa3bd8b2ba455c446ef5ea0817d12 |
| SHA1 hash: | d301882ba6c9edc125ef5f5a663edaf0bae939be |
| MD5 hash: | a76402a8b6b588b54fbeaed5b614c849 |
| humanhash: | nuts-delaware-hawaii-seventeen |
| File name: | SecuriteInfo.com.Trojan.DownLoader35.6568.12369.18460 |
| Download: | download sample |
| File size: | 361'120 bytes |
| First seen: | 2020-10-24 07:58:28 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'207 x SnakeKeylogger) |
| ssdeep | 6144:WnbmCL9CtBgzeGAZz/LQgfxGEOSu7Bpxdc:C/L9CtCzCZz/EgcEQVDW |
| Threatray | 1 similar samples on MalwareBazaar |
| TLSH | 20744BB1D398285AEA9D9CB1F90C1B34A3709191B10AF26E12E5FF3D55DA38D001F77A |
| Reporter |  SecuriteInfoCom |
Intelligence
File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Creating a window
DNS request
Sending an HTTP GET request
Delayed writing of the file
Running batch commands
Creating a process with a hidden window
Launching a process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Signature
.NET source code contains very large array initializations
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Trojan.Masson
Status:
Malicious
First seen:
2020-10-23 21:01:00 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
Result
Malware family:
n/a
Score:
7/10
Tags:
spyware
Behaviour
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Deletes itself
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
fbfb7c45f83388daa8491bbd911ef108704b48cd058397f43248ab76c97e5182
MD5 hash:
a76402a8b6b588b54fbeaed5b614c849
SHA1 hash:
d301882ba6c9edc125ef5f5a663edaf0bae939be
SH256 hash:
f7a4a0a5a152193e4a5fc155ab452a37a0c101ed9dcd4471d04cf97c4def0324
MD5 hash:
a437deb003134e4d3586c059238c034c
SHA1 hash:
2df3e9707ea70e9132f0a1dfe9fbe1c88f33d225
SH256 hash:
702bd7e1669df975694a636ff8cdc7e6135543d2afcf55512fcda3fe1cb95eb8
MD5 hash:
2c0072feac8fc39fd07292b2c7ca9b87
SHA1 hash:
5727f0132a6eb54773f04e0a7aef408bf99b2780
SH256 hash:
5fda7ee9bc5175075ee399ebf129d02f46eee3955ec06d359409e913ba7612d7
MD5 hash:
a10645a9d67ce46819443318e9b3063c
SHA1 hash:
a1ba5cfd0eb7fda77e513e3cc5c647baba61e29e
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
exe fbfb7c45f83388daa8491bbd911ef108704b48cd058397f43248ab76c97e5182
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.