MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.ExtenBro


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
SHA3-384 hash: 8cde191cfdd23f3a33a44e3642a12357d2cf8b40c669384729050559759c4e31e8c7ca53f1e5191a424bad89cf7adc41
SHA1 hash: f58246065e9d7646c5d35339a89470f609db0ee6
MD5 hash: 01d49b8835e13575499a041f1a2a2109
humanhash: angel-victor-early-white
File name:b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
Download: download sample
Signature Adware.ExtenBro
Create hunting rule
File size:6'388'768 bytes
First seen:2020-06-03 09:04:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ae9f6a32bb8b03dce37903edbc855ba1 (28 x CryptOne, 18 x RedLineStealer, 15 x njrat)
ssdeep 196608:GIGiHt7sYj81VlaZcZIJlefeWRtUvtLTBm:GIxHt7z+IJ8mem1TY
Threatray 41 similar samples on MalwareBazaar
TLSH 08563338FAC249B2D5374D39042DAF211B2EFC2049E8DD17ABB46A385B70191B52E777
Reporter raashidbhatt
Tags:Adware.ExtenBro exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Csdimonetize-6824568-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Trojan.Moneyinst.1086.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Kuaizip-6840562-0
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Win.Malware.Dealply-7644577-1
Create hunting rule

PUA.Win.Trojan.Generic-6629273-0
Create hunting rule

PUA.Win.Downloader.Firseria-6870500-0
Create hunting rule

SecuriteInfo.com.Generic.mg.7118444d587a1d65.31770.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Mikatz
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 23:29:39 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xaz5pgkt7ylxusffqmwoeydmihia6dk3tpjrz2zf2mcvuocqyl3q._file
Verdict:
malicious
Label(s):
emotet
Create hunting rule
hawkeyekeylogger
Create hunting rule
Similar samples:
1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d
Adware.ExtenBro
33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
Adware.ExtenBro
39ca86089dcbdbce612bb989dda90c7fd5ab244f7b4b03b28e16124365ba858a
Adware.ExtenBro
42a630cda5266fd03e55bb8621e6d14cf5a6b0abda2426be1a657522c1bbb3a7
Adware.ExtenBro
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
Adware.ExtenBro
4e14841c96a09f5850d1cf5fcb3526714c22d7174e3f75c8a309d8db36ecef93
Adware.ExtenBro
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
Adware.ExtenBro
a2f0a1d469d73a11c69afc9eb12000fa7f7652305d936a10d12dabce693f878b
Adware.ExtenBro
f0e91f423775ca9ba80077774a4de1a212e890d285bdb587b003d57ba0f68b1c
Adware.ExtenBro
f8915227c25c5ac552d66f3708f615cd517363953829d3715f38666d7dfa9770
Adware.ExtenBro
+ 31 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
bootkit evasion persistence spyware trojan
Link:
https://tria.ge/reports/201109-r4yqq81b2e/
Behaviour
Modifies system certificate store
Runs ping.exe
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Kills process with taskkill
Modifies Control Panel
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks whether UAC is enabled
JavaScript code in executable
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments