MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 038487af6226adef21a29f3d31baf3c809140fcb408191da8bc457b6721e3a55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 038487af6226adef21a29f3d31baf3c809140fcb408191da8bc457b6721e3a55
SHA3-384 hash: 8b42a5e5f40fa90dc5a0b5db101fca8ff54a6e957ec404c272071e04f80538cc7200142d5acd87b516d93a2898658fa2
SHA1 hash: 053849d280c4eadcc1d8d2b6fccc821b0ccd2f4e
MD5 hash: a58aaa24f417bee90ff01865d81866c5
humanhash: oven-monkey-georgia-pasta
File name:EpsilonApp.exe
Download: download sample
File size:163'840 bytes
First seen:2024-01-20 01:43:46 UTC
Last seen:2024-01-20 20:45:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4fe4cbe3f1eef29244a0a0b01016c849
ssdeep 3072:hazsB/DjZSiUYuclP6LULzOIG8woDDUoPzoICpaqqjsVGL/KV:5hUDc8LULzdG8woD4oherXGjK
Threatray 5 similar samples on MalwareBazaar
TLSH T101F3E7B56122D87CC3ABC0B4B457CC927915740A033228AB43D699772F5BDB58BBC6F8
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Reporter tildedennis
Tags:exe SILENTNIGHT


Avatar
tildedennis
silentnight version 2.0.0.0b

Intelligence

File Origin
# of uploads :
3
# of downloads :
327
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/471798/
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.7407.24073.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Launching a process
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
Modifying an executable file
Creating a window
DNS request
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/65ab25623a0cf312d51797f3/reports/cc20f30b-e33a-4308-9efb-ecc9b9965fa7/overview
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/038487af6226adef21a29f3d31baf3c809140fcb408191da8bc457b6721e3a55
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/2c440cf6-cbe6-4ff1-9930-db2933660eea
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1377866
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to resolve many domain names, but no domain seems valid
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Score:
86%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/038487af6226adef21a29f3d31baf3c809140fcb408191da8bc457b6721e3a55
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/038487af6226adef21a29f3d31baf3c809140fcb408191da8bc457b6721e3a55/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-01-12 02:16:00 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
25 of 38 (65.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=aocipl3ce2w66inct46tdoxtzaerid6licazdwulyrl3m4q6hjkq._file
Verdict:
malicious
Similar samples:
038487af6226adef21a29f3d31baf3c809140fcb408191da8bc457b6721e3a55
b206695fb128857012fe280555a32bd389502a1b47c8974f4b405ab19921ac93
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/240120-b5tg3shhd7/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Unpacked files
SH256 hash:
038487af6226adef21a29f3d31baf3c809140fcb408191da8bc457b6721e3a55
MD5 hash:
a58aaa24f417bee90ff01865d81866c5
SHA1 hash:
053849d280c4eadcc1d8d2b6fccc821b0ccd2f4e
Link:
https://www.unpac.me/results/bef7fa50-518a-4cbc-955a-98af65ae9168/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/038487af6226adef21a29f3d31baf3c809140fcb408191da8bc457b6721e3a55

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/silentnight/
Cape
Cape
https://www.capesandbox.com/analysis/471798/

Comments