MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0315adcc923596016a179b68fe0aeedfab50f8b9278f539b5858dc7606a9d670. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0315adcc923596016a179b68fe0aeedfab50f8b9278f539b5858dc7606a9d670
SHA3-384 hash: 5cab74b7c4f6df5e4f4af1d5439e529c8269cb558f654fe85201dde4272fd66e59554ac5db65d9296e638282524d8dc1
SHA1 hash: ae8f56cc8ec31db188e5f192eb4c11d137763ca0
MD5 hash: 161f73a8830efee2330d149e17131473
humanhash: five-football-ten-oklahoma
File name:B0002221114788885522.msi
Download: download sample
File size:1'041'408 bytes
First seen:2020-11-04 10:22:06 UTC
Last seen:2020-11-04 10:30:10 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 24576:p/rFId/5IqVXCWJriAjb2DRMIHBPHofTl6VQU1YwYD:p/Y5IqVXCWJriAjbuLBPHKTl6VQU1YwY
Threatray 18 similar samples on MalwareBazaar
TLSH 1B259D2076C6C537D5BE01703A6ECB6B5469BE600BB5C4EB63D81A6E1DF18C24232F67
Reporter JAMESWT_WT
Tags:Downloader Mekotio spy

Intelligence

File Origin
# of uploads :
2
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/82801/
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0315adcc923596016a179b68fe0aeedfab50f8b9278f539b5858dc7606a9d670/
Threat name:
Script-JS.Downloader.BanLoad
Create hunting rule
Status:
Malicious
First seen:
2020-11-03 23:19:26 UTC
File Type:
Binary (Archive)
Extracted files:
52
AV detection:
9 of 29 (31.03%)
Threat level:
  3/5
Verdict:
unknown
Similar samples:
0a9964fe0e0fb3f0679df317a65f9945c474dab8c4370b45b93da64a8b201b9f
0f12408c06ccf60608a60572d521bbc8012e6ce7e0d701781a0a33e0e1fd1519
9e2a79f4a93a4f337997bf6f5826dadfa703ee52cafd9303c926abb7024ce590
bfd12725c557e1a9992dccff4257290adec43be6315f68471af0d26c9fa662ad
c3a382298e7b40c769094035a49abe71314c89509848cd9485467c2179193a0f
cb25c52259fd5629dacb98a954ccc4aa5e6dc15629122750b381427f7a5b1358
d46dd776096b9f1a39203318bb76fc837e51c9f0a1212dd349eeb57ce6e58758
eb9410f5031797ccc6f446cb0c0d3c6f6a6c927f990c8aa5e01f7bffaccbab09
f923c5ce0a44f73f86dbb04d02905e0e0068d675f6095680b41d904380800e17
fc1b36e39f87cff2c9076a7e8316af297255a92824338b19b69022b47a47daa6
+ 8 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/201104-bb5k3d551e/
Behaviour
Modifies Internet Explorer settings
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Enumerates connected drives
Loads dropped DLL
Blacklisted process makes network request
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/82801/

Comments