MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b2459c7aa6746f614a05a2797798fe09ecf294db3e2c1ddba33261e2f4acf8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.ExtenBro


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b2459c7aa6746f614a05a2797798fe09ecf294db3e2c1ddba33261e2f4acf8a
SHA3-384 hash: 56db3472d68bc1cd330c0a8220a0378e542a0bc1acc9ad25cc8ce2a95f1af965ca8a547b16c537de66e5e3e63b56e3a6
SHA1 hash: 2d50b7d04607d2bfdc26afff22738b0f5bc815ea
MD5 hash: e74ba39396e644785a868125179381b9
humanhash: nineteen-fix-leopard-monkey
File name:SecuriteInfo.com.Adware.InstallCore.768.17867.21240
Download: download sample
Signature Adware.ExtenBro
Create hunting rule
File size:13'323'574 bytes
First seen:2020-08-29 06:32:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'453 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 393216:TaUR8qdwZfBhmUJwin4mv9uN/vVeSVBQt+1P:aZZvlBm/vV5Ug
Threatray 5 similar samples on MalwareBazaar
TLSH 1DD63373155D907ED123DFB7AF2B7CD4CAAE3B2E60E090D4F56D680A0E0B6E1894A345
Reporter SecuriteInfoCom
Tags:Adware.ExtenBro

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Adware.InstallCore.768.17867.21240.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/454116
Signature
A
b
c
d
e
f
i
l
M
n
o
r
S
t
u
V
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b2459c7aa6746f614a05a2797798fe09ecf294db3e2c1ddba33261e2f4acf8a/
Threat name:
Win32.Trojan.Black
Create hunting rule
Status:
Malicious
First seen:
2019-02-03 02:51:05 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lmsftr5km5dpmffalitzo6mp4cpm6kknwprmdxn2gmtb4l2kz6fa._file
Verdict:
unknown
Similar samples:
087df168d78dcfd730fb669aad4b848c054f08cbab3c722c87a0be0aa5c598a7
Adware.ExtenBro
707025aabf49be938c24b5b6614d2008b928ff596fb405d7be2338b1cf1ae04d
Adware.ExtenBro
a40f7767aa2fd1c3efe1fc0f0178088d1640d1a2fd5b4d4b075f8bbff43ccfd8
Adware.ExtenBro
e37d69a8b607ea0e1e114223dfa6a7dbe40de485fa482e0370b886708a2992dd
Adware.ExtenBro
ef377079bcd6215f07aaba72c74c17a33cf2e5eb3eeed538fc2d0084670295d2
Adware.ExtenBro
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200829-8dvzs3a3ks/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
InstallCore
Score:
0.40
Link:
https://yomi.yoroi.company/submissions/5b2459c7aa6746f614a05a2797798fe09ecf294db3e2c1ddba33261e2f4acf8a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.ExtenBro

Executable exe 5b2459c7aa6746f614a05a2797798fe09ecf294db3e2c1ddba33261e2f4acf8a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/446415/
  
Delivery method
Distributed via web download

Comments