MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 045b248fd03d43a0b9e9428d77a8e9fcd60ee1cd675c3ae994f6901e0dddfddd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: 045b248fd03d43a0b9e9428d77a8e9fcd60ee1cd675c3ae994f6901e0dddfddd
SHA3-384 hash: 8f8258c8c5cad3f41813fd69c1add2c4f5246fbf7c68c72ccbde8fa94473acda7d11301e706b4693dacefe8dcadcc3ce
SHA1 hash: 8d670deb9e902cf5775f1c79038e817c488f5672
MD5 hash: c860cb58d21dc6d86ffc82e06e86cd77
humanhash: wyoming-golf-burger-burger
File name: New2024Bonuses.iso
File size: 1'427'456 bytes
First seen: 2024-07-24 05:09:04 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:X5SRiYTVyr3vQZkghvkiMLNMAVlG1tKCH:o8YTtRvkx3A
TLSH: T18A65E14626A15AE6CE36473410520D26EF743C178374E3FF732C92F59BAAFC4443A9A9
TrID:
  47.7% (.ISO/UDF) UDF disc image (2114500/1/6)
  46.2% (.NULL) null bytes (2048000/1)
  5.7% (.HTP) HomeLab/BraiLab Tape image (256000/1)
  0.1% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.ISO) ISO 9660 CD image (2545/36/1)
Reporter: 1ZRR4H
Tags: iso

Intelligence

File Origin
# of uploads: 1
# of downloads: 98
Origin country: CL (Chile)
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: BonusPool.lnk
File size: 2'656 bytes
SHA256 hash: 6b3cf386d3ba99821128292d15208cafe5cf975c19f8e581cf81ceac0925e5e2
MD5 hash: 231f7de759d2772c047b8b82eef618ea
MIME type: application/octet-stream

File name: test.d
File size: 852'480 bytes
SHA256 hash: a19a815334bc102e30d5cb5ea57264a3e9cfccd3dfdc05dddd91a44a5ccdbcd4
MD5 hash: 159d982a1c9f64571b149b57ca358821
MIME type: application/x-dosexec

File name: 1.bat
File size: 152 bytes
SHA256 hash: 7140f8fc264509b578ddfe17161ed2b9f79fd0b9d59856d6df0d422871600482
MD5 hash: dcb326d0ead01ab9a635003c7a010470
MIME type: text/x-msdos-batch

File name: 2024 Bonus Pool.lnk
File size: 2'466 bytes
SHA256 hash: 45692b25cfb7c78e20c913fa0d3c27a66bd641d2b41f367821451071395eed7c
MD5 hash: 34b6af77e0fcd67a8919323bf0fd91ac
MIME type: application/octet-stream
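The listing above is a familiar lure layout: a disc image carrying two Windows shortcuts, a small batch file, and a file called test.d whose MIME type (application/x-dosexec) says it is really a PE executable hidden under a harmless-looking extension. Disc images were popular for this because files mounted from an ISO historically did not inherit the Mark of the Web. The script below is an added triage example, not MalwareBazaar's code: it hashes each extracted member, sniffs the real format from magic bytes, flags extension/content mismatches and shortcut files, and reports which batch file references which sibling. The member names are taken from the listing; the bytes are constructed stand-ins, so the hashes it prints will not match the ones recorded above, and the magic-byte sniffer is a minimal assumption-level substitute for libmagic or `file`.

```python
"""Triage the extracted contents of a suspicious ISO: hash every member,
sniff its real format from magic bytes, and flag name/content mismatches."""
import hashlib
from pathlib import Path
from tempfile import TemporaryDirectory

# Shell link (.lnk) header: HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian GUID layout.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c0000000" "00000046")
PE_MAGIC = b"MZ"
# Hypothetical heuristic tokens for recognising a batch launcher in plain text.
BATCH_TOKENS = (b"@echo off", b"start ", b"cmd ", b"%~dp0", b"call ")

# Extensions under which each sniffed kind is *expected* to appear.
EXPECTED_EXT = {
    "pe": {".exe", ".dll", ".sys", ".scr", ".com", ".cpl"},
    "lnk": {".lnk"},
    "batch": {".bat", ".cmd"},
}


def sniff(data: bytes) -> str:
    """Return the real format of the bytes, ignoring the file name entirely."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(PE_MAGIC):
        return "pe"
    try:
        data.decode("ascii")
    except UnicodeDecodeError:
        return "unknown"
    if any(tok in data.lower() for tok in BATCH_TOKENS):
        return "batch"
    return "text"


def classify(name: str, data: bytes) -> dict:
    """Hash one archive member and decide whether its name lies about its content."""
    kind = sniff(data)
    ext = Path(name).suffix.lower()
    reasons = []
    if kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind]:
        reasons.append(f"{kind} content under extension '{ext or '(none)'}'")
    if kind == "lnk":
        reasons.append("Windows shortcut shipped inside a disc image (LNK lure)")
    return {
        "name": name,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "kind": kind,
        "reasons": reasons,
    }


def triage(root: Path) -> list[dict]:
    """Classify every file directly under root, then cross-reference launchers:
    a batch file that names another member is recorded as launching it."""
    blobs = {p.name: p.read_bytes() for p in sorted(root.iterdir()) if p.is_file()}
    results = [classify(name, data) for name, data in blobs.items()]
    for r in results:
        if r["kind"] != "batch":
            continue
        text = blobs[r["name"]].decode("ascii", errors="replace").lower()
        for other in blobs:
            if other != r["name"] and other.lower() in text:
                r["reasons"].append(f"launches archive member '{other}'")
    return results


def demo() -> list[dict]:
    """Stage a constructed stand-in for the listing (same names, synthetic
    bytes, so hashes will not match the MalwareBazaar record) and triage it."""
    members = {
        "BonusPool.lnk": LNK_MAGIC + b"\x00" * 100,
        "2024 Bonus Pool.lnk": LNK_MAGIC + b"\x00" * 90,
        "test.d": PE_MAGIC + b"\x90\x00" + b"\x00" * 200,  # PE stub hidden under .d
        "1.bat": b"@echo off\r\nstart \"\" test.d\r\n",  # constructed launcher text
    }
    with TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in members.items():
            (root / name).write_bytes(data)
        return triage(root)


if __name__ == "__main__":
    for r in demo():
        flag = "SUSPICIOUS" if r["reasons"] else "ok"
        print(f"{flag:10} {r['name']:22} {r['kind']:6} {r['size']:>6} B "
              f"sha256={r['sha256'][:16]}... {'; '.join(r['reasons'])}")
```

Point `triage()` at a directory produced by mounting or extracting the image (for example with 7-Zip) and every member comes back with its hashes for lookup against the values recorded above plus the reasons it was flagged; a clean report still requires opening the shortcuts and batch file to read the actual command lines, which this script deliberately does not execute.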
Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: context-iso microsoft_visual_cc

Result
Verdict: MALICIOUS

Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour:
  Checks SCSI registry key(s)
  Modifies Internet Explorer settings
  Modifies registry class
  Suspicious behavior: CmdExeWriteProcessMemorySpam
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of SendNotifyMessage
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Uses Task Scheduler COM API
  Enumerates physical storage devices
  Enumerates connected drives
  Checks computer location settings
  Loads dropped DLL
  Boot or Logon Autostart Execution: Active Setup
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: iso_lnk
Author: tdawg

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments