MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00a6aee5810a2f37be3722b8c05c363e9954e782f49e558f451c4097bbd6f217. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00a6aee5810a2f37be3722b8c05c363e9954e782f49e558f451c4097bbd6f217
SHA3-384 hash: 0952c94dd59903c6c772ef36ed78a28174b0295c51828fa7089e7e80bfda133c01f64c3024936af1117dbc27d6b338dc
SHA1 hash: 208fa687dea4cae2bd7a15907834ce107aea2683
MD5 hash: 934b148407a5f93bbeed3d5b2c91edde
humanhash: low-may-blue-apart
File name:test.exe
Download: download sample
File size:51'712 bytes
First seen:2021-07-30 07:54:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0818438d729451edf8c455424695687b
ssdeep 768:nCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWUOh:D1Tzy48untU8fOMEI3jyYfPifOh
Threatray 7 similar samples on MalwareBazaar
TLSH T115335C5777C023E2D58385FC04373AA7DBB19F224324A2E7AB042C59EFB96D2CA35255
Reporter JAMESWT_WT
Tags:exe Levis228

Intelligence

File Origin
# of uploads :
1
# of downloads :
548
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
test.exe
Verdict:
No threats detected
Analysis date:
2021-07-30 08:01:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/977867f5-991d-4990-98f2-09fd47ca1dc7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175238/
Detection(s):
PUA.Win.Packer.Purebasic-2
Create hunting rule

Win.Trojan.Generickd-3430
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a2651be6-5f4a-4447-a992-8fc947c83e74
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/824349
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected BatToExe compiled binary
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 456759 Sample: test.exe Startdate: 30/07/2021 Architecture: WINDOWS Score: 56 21 clientconfig.passport.net 2->21 33 Multi AV Scanner detection for submitted file 2->33 35 Machine Learning detection for sample 2->35 37 Yara detected BatToExe compiled binary 2->37 9 test.exe 5 2->9         started        signatures3 process4 process5 11 cmd.exe 2 9->11         started        13 conhost.exe 9->13         started        process6 15 chrome.exe 13 407 11->15         started        dnsIp7 29 192.168.2.1 unknown unknown 15->29 31 239.255.255.250 unknown Reserved 15->31 18 chrome.exe 20 15->18         started        process8 dnsIp9 23 clients.l.google.com 142.250.203.110, 443, 49741 GOOGLEUS United States 18->23 25 www.google.com 172.217.168.36, 443, 49685, 49687 GOOGLEUS United States 18->25 27 4 other IPs or domains 18->27
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/00a6aee5810a2f37be3722b8c05c363e9954e782f49e558f451c4097bbd6f217/
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2021-06-16 01:29:56 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
28 of 46 (60.87%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0bde61b11f4d507d3a6f5ebfdb33829824f4819f1621f4a1f36f6d0edef0d6c2
2bfcc18ff3157d5b800d7d8f3d2ca77a131f228a7e37c64632977073efa9d279
5ef0b6ab46bb6853ddf281a6b12ca1b6c9d77a6b25a8db00e5f0771e793357a5
730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
7860832a25f403c43865c00bd072fa58b2da66bc81152eec30582ad0a72932e6
82732e47492148243ee3fb338c93d43b9a9984f39e3409327600cffc5766af1b
e3bf80ffcb6350eb243e3f4e30f2dc684bc7c31d14750c120a957e188e895710
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210730-1t2v8s2vdx/
Behaviour
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Unpacked files
SH256 hash:
00a6aee5810a2f37be3722b8c05c363e9954e782f49e558f451c4097bbd6f217
MD5 hash:
934b148407a5f93bbeed3d5b2c91edde
SHA1 hash:
208fa687dea4cae2bd7a15907834ce107aea2683
Detections:
win_koadic_auto
Create hunting rule
Link:
https://www.unpac.me/results/dd274c08-f33b-4cae-9743-75ba9d5cfdde/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/00a6aee5810a2f37be3722b8c05c363e9954e782f49e558f451c4097bbd6f217

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/175238/

Comments