MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbb6d89187847aab1fcff6b5d832ea80bca30bfe5520702133cab83335392ead. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cbb6d89187847aab1fcff6b5d832ea80bca30bfe5520702133cab83335392ead
SHA3-384 hash: b22267ed4b5c239b5a31785ee0fa14eb1b646bf80a41472cfaa5fa03fbe6bd76566b58e59458e0abd7328e90bc22e7f5
SHA1 hash: 42d24e14f852afba26c793bf4063ad80f581452a
MD5 hash: e64f048c8c196195443a74e911748666
humanhash: undress-beer-solar-yellow
File name:products samples.exe
Download: download sample
File size:505'856 bytes
First seen:2020-06-20 06:11:46 UTC
Last seen:2020-06-22 08:03:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ed4c94ce952225916eebcf8e6384bf1e (2 x NetWire, 1 x RemcosRAT)
ssdeep 6144:m/iRspKoKLn1QoIPDhdcpHnibm7GrHdKALOj14riZ7v1vEmQq9t/uubbsl6VaVLk:CiRspDYbIPFZDd5r87ZgWjbbi6V
Threatray 5'152 similar samples on MalwareBazaar
TLSH B7B48E63F2A18437D1232A7D4D0FA67CA8367E513E38684A2BD56D4C5F79381342F29B
Reporter jarumlus

Intelligence

File Origin
# of uploads :
3
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9932/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-06-20 03:17:44 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zo3nremhqr5kwh6p6225qmxkqc6kgc76kuqhaijtzk4dgnjzf2wq._file
Verdict:
malicious
Similar samples:
35bb2187c8bcf8921677dc34a4a3bf7f33144c97370346f4ff616c82a2e278b5
45a1bb88d5e48989369b90d346c9d706a24c8b1205c4358b6a3bda278aeee6cf
65463a82bb20ec1f2d53e93c9e51538d55fff2844c746afc36e7a1c43cce36e4
85774cdd3163c5e259dafdf67b113fd69fa8f4f9ebd964ee91b099bd2f58ebfd
9392304274014d5807d5a2271486ea5a72143d7a1214ecc1b59b1626dfc3ba64
aa920a28098387bcdcca0c6e2b668a94b49b1ba5ab1129b27da5a42c4f645ca3
c0307fdf9dcf72e69b33cb4327608c3d27bc5a26ce4552a1eae074f2557482dc
d15bb0b2e07a91123300b30b6b7f26774e873a7bbbf677cdfd1a7c9547a1e353
e01b79e0c73e76e98ddca8c03d801e1742eeb3fec251b17162ef899332a12963
ea757d5009b479c116f888667fe901ed1c2f5687d26cd611df29298c17529153
+ 5'142 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware evasion trojan
Link:
https://tria.ge/reports/200624-mgwp9rha46/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Adds Run entry to start application
Legitimate hosting services abused for malware hosting/C2
Reads user/profile data of web browsers
Adds Run entry to policy start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip acc4d8e95dd29d9938aa45721d589407dd9e2712e6035d620068709c1bbe600e

Executable exe cbb6d89187847aab1fcff6b5d832ea80bca30bfe5520702133cab83335392ead

(this sample)

  
Dropped by
MD5 45b61bca34efec06eba0469fe2003b55
  
Dropped by
SHA256 acc4d8e95dd29d9938aa45721d589407dd9e2712e6035d620068709c1bbe600e
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/9932/

Comments