MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05b190d7477577e8610d837347308437f00b82e65be8239c1e6b44960368491d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 13

SHA256 hash: 05b190d7477577e8610d837347308437f00b82e65be8239c1e6b44960368491d
SHA3-384 hash: 9cefb25f3134edf83124ae115662dbbe1f5bc5c54efc8f77432df9720f66b3a97cc173640089c2f562e992905cc16a75
SHA1 hash: 21e505b0229d8bc4984685db6754d059e1495506
MD5 hash: 97e310ab768121af440348c0067fbe82
humanhash: hot-hamper-moon-neptune
File name: rTTRemittance_copy_pdf.exe
File size: 1'209'856 bytes
First seen: 2024-11-21 16:00:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091 (881 x AgentTesla, 737 x FormBook, 236 x SnakeKeylogger)
ssdeep: 24576:ltb20pkaCqT5TBWgNQ7aWho2GBvI4/sxgQ6A:WVg5tQ7aWhofJsL5
TLSH: T1C945CF1363DDC365C3725273BA65BB01AEBF7C2506A1F56B2FD8093DE920122521EA73
TrID:
  68.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
  12.5% (.EXE) Win64 Executable (generic) (10522/11/4)
  6.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
  5.3% (.EXE) Win32 Executable (generic) (4504/4/1)
  2.4% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
dhash icon: aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter: FXOLabs
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 406
Origin country: US

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: rTTRemittance_copy_pdf.exe
Verdict: Suspicious activity
Analysis date: 2024-11-21 16:01:58 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Verdict: Malicious
Score: 96.5%
Tags: underscore autoit emotet

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Searching for the window
  Creating a window
  Creating a file in the %temp% directory
  Restart of the analyzed sample

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: autoit compiled-script fingerprint keylogger masquerade microsoft_visual_cc packed packer_detected

Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 64 / 100
Signature:
  AI detected suspicious sample
  Binary is likely a compiled AutoIt script file
  Initial sample is a PE file and has a suspicious name
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph ID: 1560325; Sample: rTTRemittance_copy_pdf.exe; Startdate: 21/11/2024; Architecture: WINDOWS; Score: 64. Signatures on the initial sample: Multi AV Scanner detection for submitted file, Binary is likely a compiled AutoIt script file, Machine Learning detection for sample, 2 other signatures. Process tree: the sample starts a new copy of rTTRemittance_copy_pdf.exe, which in turn starts another, ten nested instances in all, each flagged "Binary is likely a compiled AutoIt script file".

Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2024-11-21 12:47:51 UTC
File Type: PE (Exe)
Extracted files: 27
AV detection: 23 of 24 (95.83%)
Threat level: 5/5

Verdict: malicious
Label(s): unknown_loader_036 autoit
Similar samples:

Result
Malware family: n/a
Score: 5/10
Tags: discovery
Behaviour:
  Suspicious use of FindShellTrayWindow
  Suspicious use of SendNotifyMessage
  Suspicious use of WriteProcessMemory
  System Location Discovery: System Language Discovery

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files

SHA256                                                            MD5                               SHA1                                      Detections
bd5cc6e1f2bb184229d7080695787a4df6f823ff39d5a958a5f157fe7a5773b0  fd9222a6d90b9f221e63b66f7d5dc350  096f76d81e5afa15f958d4960ce56835404dedec  -
a96030d9663b32792dab8236005d05008231f744b5fe75015d94a22de62a6b64  6eb081a56fbcbda0fe4077c8d921ca52  0a3b2bdc0c8e1f7135cf7b0b8c45d53c845377c9  AutoIT_Compiled
927914f909cd8208b1c885f256566d7ed961ae3aa30a791c106d1e68aa23be8f  a55e35973b6abf805ca18a066f84b101  7a4952c70f989441d52e1679acb91339a12cdb55  -
992a49683903d7cd313f62e4c40f500dfb28cd9e656bd9f3db7b3b1a95b75e49  2db7f0cd45899f83efd842350deb3e20  0d75a5ec9b8c73edc16ebd6cf3a0781aaca9a2d1  AutoIT_Compiled
08c805cb45891d1086bbcfebce20cf31951a95616b8c4299e7010ca3a8ecf6c6  5477770076f3b8515f34ec7abb085a2b  15c4d19067ef8ba1200037cde9e33e0fd6eb7be3  AutoIT_Compiled
b23ec0a73426773c0f01fa67d7f0647b032a30bdb9806c1bd9b7da72cb29f6c4  0b6178eaebe2710af232b9d66db130ea  6328a46bd5fde0240c68cad23fdf410bb6c369a5  -
eafd09475c5f2a8fa06aff8854406eac92e5ebe96c85ade80c44598e7c22515f  4f9fcb1a5819a221fd9aad649e76b73e  310f765d04c20342e8cf55c2e37392ad007e4c2e  AutoIT_Compiled
27b3862980f89db7f0b376aad61571ccd29a530683073a2b0b935e0d7e6cade1  92d63770c5750de22ef9112841b3e86d  bc11f5e744f6e974ffdde463c965d6b329780497  AutoIT_Compiled
3036a4eaf79e6aefb6957654fc93a64f438749ad1231a683c8a2f4fc6544366a  dd136d8e06f675c85a16a5a26723d437  8eaceb78634b92f2537960bee5a3b5fab7a09be8  -
18dd0410d02ca880d8949d1375ee24483e979436d2980b9e88d2d2da98f15f18  899fc366b4861105e1c360d1d6258f81  57d4cc2e0cfdcebd7a9d68a478e5989048d74484  AutoIT_Compiled
9fb575574224fca6a045ac6a0ba72a9569519fd848ef0f2fecb2d8f8c041bfb9  d0aa5135950707634840b95ac1f179cf  7668063d9231d74653002d39d7ae145678779bea  AutoIT_Compiled
846d1cfd1bdd2fc8aca27c31107f4287eb86b81d2ca4be82cd8ddd48a2d6d47a  ef3fe8a5a077cc37d60fa1cf723f51d1  1bc8a4c43fc2df3f1513e25f8a8183b7c48e3e46  -
c903cdfeaac676fa2eaab94996f89c2fc9611f2915fcd6070c2e1d02e212ef1c  492ed47c94d212f468405764589fcb63  fa156ce600dd17198a9832f261e29a448d2ec69c  -
b7a20183d0216687fca0bbd8febe36d7d901a3da0ae5f30570b71f56336aef04  2395dccdf1b435d8ac9e057d5ad6d0d6  59ffd3676dfb5f55f4541304498e3a61fc5d936a  AutoIT_Compiled
a25edd5561f18907dc2be7e4fad1b6bd3b9db356bb6463a8e6ec91369502449e  5025bebd7cce39dba04fd5e2680a52b0  aec8fbc225a7be0b0087ca1d612d9e5fdfdad271  -
c585cc80adca150e7e17cb159651ca70051c2714fb7114e31e781c08368d6cb6  bf6cc10a2f889667ca8ef58f4701943d  84368580f2cd4e5e42334eabbfb20e5113298458  AutoIT_Compiled
2ff8f7a41e496814a0bb2d26467e6212252a773daff67d7e5a277798c4885e6a  3a08f49ab632b44becbcecffcff6e880  c2080cbfdac17cb83a9c203f8f75cd77f65f9a0f  AutoIT_Compiled
4d37c7bb423aec01151f66c1bdf90cf51badeea3a7236d557e30b1ff367fa50b  affd98c3bf4e201c3c0bf0370c58ca42  ea2d6933413230f42d68f66a8e5dffcd3fedcfc6  AutoIT_Compiled
7199cf420407d52642b43aa5e9399f80a94025d12e3efb19d47fcfe314ee216d  51abe2151c9b9cff6fb6397feb4d7043  028dd820ffc9f13b92dc83b25ddc934d446d5cc4  -
769fd1e00f561830fcd3f56c684832999775e5ccd8f60d366cb30c29d5f1d196  978f82dc5773ab5eebab9251a219b8b7  3e651c3184ee51f624a6e609542223340cbe9ba4  AutoIT_Compiled
1f828a698fc85ab8f9e5fc19abd970037f66f65793facef8a7ab25b522fd7a69  b4a2004645b0488d0172161d563b67f8  95f489697375b0ab8a6c8ebdf8c1219121dda6ec  AutoIT_Compiled
468f650238560ec5aa94a4ac696b4e55b4e8348475e9cbe142872a71e91c738e  9b281d69b51ae7e80d3b72920d2ef320  4727292580d9707f22430e42f71ed0becac98e33  -
b31729395b23d3a728db0031ef010512a3bf71f7f91b0c2ebd2bb1bdb2fd0d72  fbd4b2a9fa1dd60ff84a845ef7573471  7139f6e9e32403b152140c7174d3fc839256f882  -
ed982a10d18c6aab2e95e961c1f9ea8421ec0177373dfe35f25c3ae2936936d1  865dd66e5254dbbe8a769c427b9ce01f  61d2c182d1a48a716e600020571f68ae362f5cfa  AutoIT_Compiled
026a8f89c0c9bee9ab3f98e4c8c6eff9b8345ba5d4e897d9384e3cc42c2ccaf2  f3e3d23292925e733f63a6f7a5bbff04  930b83b0109411e7e7eba21156233b841e673eff  AutoIT_Compiled
cba690f1684db031befe649a7191582753cc20c374c612c924ea7a380c132ac7  3e7deff2a6cd6caf2ca7ab0e9774f0a4  1da0bd3482bc2162265e7a18f34b0b0d6e4e3442  -
06bcce252a8c0de3ab27bb1b440c693ba5a23aa348638fe08ca2261e706d9990  3aed36e9a4bf363a0d99543fc5861926  121ce37fc0f2b1058047f2451c906ed9cfbf0442  AutoIT_Compiled
7d3db2b4cf671bda2f50f0f0d5ee5282aed2622420d64f89355e04962442fb59  c25323bcb62f7bb65ee5385411436d67  cf5ad457fc269abd8a79233e888a3f6e75b2b19c  -
692cac0b562ce56a347420e4a9927b3f48ad7ba8414ede727bfd291d36fd9b9c  bc66e863a69a2cf1686c7b50f3421387  bf458c1f3fb6d013eba8d49f93938b931c10628a  AutoIT_Compiled
3dee088ad0af5d93205335d4687d11df086b6e24b30954c878d33528c1964fa6  4835941eba975150893da2deb34acb1c  ef8a09f3c57f912afd8edd924670f34448bfdbf0  AutoIT_Compiled
498e0f8ce520f6e31e17b33340a648dc8f433c07b6ec461ada274cce6292b0c7  7d8b9409151f5c0000640572e3c5e138  b88fecec07ebc1e7583e099b54361d11cd8c79a7  AutoIT_Compiled
d6c20c104f6481a5eec408fd5b8072065dc8cd30703ec9a0f16d48f217556fa1  5be1657e5dff2bd7299883edeffad0b5  66a6af0a5a3548cb9134ff60d0188fa155525fe4  -
a052f601fb38c5cbea919ae59151212742deedccadfa89cbbcb59a53e03a30c8  c10098f7c03302138a7040e88262ea3e  ed8de6ccbefdeb162a61f62a939e9849135ffb18  AutoIT_Compiled
750c56ba8b7f45d04aeada6f85f0ce6a78ffbe52166bd773436ed478308e1af6  b59e85ea439bf60ebdeef94ba41333af  e1cd5322e1033f13393ae3f92920f01f03a9aaa8  -
a80f20a3bd9e1e19ec973c4e003959c89afc334aa2e614d85741966c2e0cf684  648a56fd10f76e03f37bd049da07d7f8  b7780a3c32341ebe06592ebe41483cc5fa8dbb61  AutoIT_Compiled
1531c6cdee1364a904809da664c31475bcef02d37237333cd649dfdd2d7f5e21  e8fdb90a6d08b6be3bdf751faeddcecd  4acd198a8b8507798b875ca4e75feb98b79d0e01  AutoIT_Compiled
275fa03875c9c83b85c306a27ee3b4d61ee1c5915316a12f81cfd5ab96bdd8e8  49fcdf178408ae73d74c30f5476a2973  ac66fdb428c14cb64326eeff2ce43d8b252016f8  AutoIT_Compiled
11a29d8fcb9b89db5700ff74188b3d16baedebb2dc8a80a692c229bc4a77f9b5  98796cc4477ed21d0e9af863184b20d4  9f3ddcf75b38a625413f2fba71a309e0db415d87  -
c14bef3d877e321aa054102668c6be77e373dad84f1bad8a62c192148db8a3e4  e61717aa9d856b2b9b857530a64d823c  d7b65614ee6b8c9de41a5ec8b431ee6b27948393  AutoIT_Compiled
01d8a4247955bbcbcdcca012cf0fc226b4fa5f45933edd23244edd5d8824c6fe  390cd8e6213382be974588837d452b34  7d6d2699eb5ce19d54e0aa16b29fd9f129790245  -
33591f09b7570d346dee2458659c8bbd5f28cd80960feb5ce364a022faf8d8f8  2307a54ce1dde77773be53ed80f4ad39  d43095388ab4f2522ffe1eb2de2ebce006f8b4bc  -
070ab4d4755eb48d52d3518e69b0acbde5b3454ab85abdf760f2ec777463ef53  07d2de95b125fca1848e5688d8eb0c4b  203a7e5e8c28fd257971da4dc268b1a375185dd2  AutoIT_Compiled
7be293558b121bd10a83cc2c3f0d0d27058621fb2d98f9b4f953777db62cb190  f29905c02aa243237653cbe15e4e7872  2a19a34855c59518f2e4977e23d023f2437fc9d2  AutoIT_Compiled
09e2f6be4e27fc526057bebc4011ec885dc1e59dcbf768dd746635f47cd508b0  7070cf9808680453d946c3aea57d1d40  176ce751b27ab31889051bcf18eb0663549ced1f  -
5875f8e5e3d1328e35339d34be401d7913dee9df530b98f1db8c08da23c20dea  eb59026d1d80f319a859e6a23bca86e7  36625f703b628e777078526371dc852184456145  -
db8630e96d5e0296019fa9f70fc221f065c1958ca3d95a3e2e586b58a0f65435  65fd5db15661bac410fa4c9fd29f8258  328357d1b4c8623f6bf3c620ab0dc817175da389  AutoIT_Compiled
421567d74477eae053b5420ee11bd962e55644e83b165ace3e46e298f952869c  98a32da155ec1b06f1baf7f0e4fd7cfc  1c6a367a99d27ee438a1157d94d757daba5a9268  AutoIT_Compiled
dc77ea8d4172f5bfdeaf89c064434240398f1c63d8f898d8deb54d4feaf2db88  529b65f5ebbe77e1536eb5567c641c02  284cc29de099b4e2af4061e4ed7214820cc5cea4  AutoIT_Compiled
7a3e1aef18e88eb6a2c86308c0ae583e802fcdb4c99b37a7b0654cc13f980722  b90d0d9b6a056ab6a4432bfb8e9b2d85  4e9247ee3287491c5b34dd9a01c3ad4e46b464ee  AutoIT_Compiled
aea5bc662de6f65ec5819776fd61dc76c93e83ae53fb5b4311b00736ea82ffc6  315dab43cf414e8f244873c098502b72  e51584e20c4f00434be9f16cffb6f328191bc5d7  -
6034fcbf9f5dae054113d2c10b866ac0b92c6e5fb6ac3eb416442a5ef7d044bd  44ab55bad797ac334d21233867d7f7fe  13b763c62b24a3b47ec1aa97c4ce44f6e04103f0  AutoIT_Compiled
27777300265d4aa958c20d9c1d7030dad66055f19e358e4020ba454da57fe904  e6caa52d5f632681663bb868f0b94ff7  c64b132975c43569647ea0e975d5ea84ea742581  -
1a9c416e14c70923bfe6d7a315e14fb24cd899a4fb573dcdb2fba75715cd790a  09a7d0f5e496387d996fa4e6c769b4d1  0e057d15547a80da427ec56083707cc715866251  AutoIT_Compiled
22ea6be051a7cfed377749464c15afa56a8706c60dfa25fd2d8c3d709fb9ad65  77f47ae65ee8d8f773e096283152ab20  4085422018c88004d3cf479b4f9a5e3c0bf79f3d  AutoIT_Compiled
0f5a7e16acae0fab518f69248d09e6bd45208f18c543762d9181c0deecddbede  e4a780bac8b60f4785aed191999b6b3f  159596c00cdb8c7f1af689407da1a37415389ca0  -
42b744cdd23949114aa5d40a4c046f55f52aa04f6de554771f22b1b8a011289e  6c487933706366445d962092c7f680b6  9a6eeaff7c6c07825fc5f54aa75f151485f137b3  AutoIT_Compiled
eb37ea9f90c3082f13f3bffa5a865edfb3609f12e6b801e7e1be3cfa5a61e55a  91f2427f02eb5332a2d43a88ec6c4ace  ccbd6a30c79df4f29c644441b9610a788f86a780  AutoIT_Compiled
f7723bdb1011cd8c430fbd45c4303a27096e827ada781f5dec731349dcda500a  fd4665b54cb7a89fc6223ff2a6462a26  eadcdf18ef9167816e637cfe2a78f7febf0b6c41  AutoIT_Compiled
3ece689f40b94285627dfdb16ea246892515eb2ab891f1a9063344dc61bcbb0c  99566b44cb52cf41f8faa48077148965  846ebca4ec559452b1cce7f7311a19353ce726c7  AutoIT_Compiled
0d484d4da03729aa5e03e5a2e7329c15414026f8e847f77eb91df481bcf3b065  370cdd60048d4dc9eb449f88a69645c4  de8926f462dfdb9f562bb8f1b346ad2d515fe99a  -
c341afb907264213345287c09c7d3f9911a84c0ac1055581b3538bb14d75b5f4  b251c883a69c5890685be1c87ee89a83  69b5cbbc3440b1016d7c24eee90c368673ac9b0e  AutoIT_Compiled
23014235f316be58aaf938b95e6b95890363a3c4ecaad1fbdbe57da20910070f  24f037bd766f101320deb2d3cdf70643  28fa1e60d21f6d22e5a7fc661cdbc2ada5ddfbf1  AutoIT_Compiled
c5c46913934bf61e3cabcd89243be091d75fa5c2022dc75d13d2ad457889d978  3b966847fdca49a6be88da1a46bbea1f  c16fefa9b99477e3bd77d055fd91d794096da333  AutoIT_Compiled
bba33d3c2fe69e8014f040f87023e7acca64f8e37dec0a8f825c7ea85613acce  22fe493e214ab879ad3f6ef4b20c66bf  62c158d9ab367133effc5251ac5f2b0b07686aad  -
e791aa495da4095f7b7798f1b039c11aa9342174193b94d9d1a5678815ba6408  6d49d51c4e562762e56b66309f872a58  e07e7bdcdda5b5ada485b04f6f2fcdda7d8a4f40  AutoIT_Compiled
29a4a2d2df0a314e7429eca9e622ac07642382a81789ab6b136801591a597df8  c2e2bf065a851ca8479b981871c3ac7b  ebd19ac3bb99f971b8f175ad67a6670b4a162dbf  AutoIT_Compiled
1627ab5da6c7de9400128735bb7115702b314ded3a27ada00282a54014aff0db  5c31170ce8072c9c6fa7805f3bdf905b  ef7b69c2e77b999655f1ec207e3f362b07f74f4a  -
e53fd420f9f20c50e54a1cc280b314cab350c4207e52f8f42a8a517b84722e9b  d3a18e28445287baab8c6dfa79cf545e  a9470f2526a0f0dcb4b1e014a7615bed3e0545b4  AutoIT_Compiled
05b190d7477577e8610d837347308437f00b82e65be8239c1e6b44960368491d  97e310ab768121af440348c0067fbe82  21e505b0229d8bc4984685db6754d059e1495506  - (this sample)
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: AutoIT_Compiled
Author: @bartblaze
Description: Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: RansomPyShield_Antiransomware
Author: XiAnzheng
Description: Check for Suspicious String and Import combination that Ransomware mostly abuse (can create FP)

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

Rule name: YahLover
Author: Kevin Falcoz
Description: YahLover

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Executable exe 05b190d7477577e8610d837347308437f00b82e65be8239c1e6b44960368491d (this sample)
Delivery method: Distributed via e-mail attachment

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                         Title                                                   Severity
CHECK_AUTHENTICODE         Missing Authenticode                                    high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)  high
CHECK_NX                   Missing Non-Executable Memory Protection                critical

Reviews

AUTH_API - Manipulates User Authorization
  ADVAPI32.dll::AllocateAndInitializeSid
  ADVAPI32.dll::CopySid
  ADVAPI32.dll::FreeSid
  ADVAPI32.dll::GetLengthSid
  ADVAPI32.dll::GetTokenInformation
  ADVAPI32.dll::GetAce

COM_BASE_API - Can Download & Execute components
  ole32.dll::CLSIDFromProgID
  ole32.dll::CoCreateInstance
  ole32.dll::CoCreateInstanceEx
  ole32.dll::CoInitializeSecurity
  ole32.dll::CreateStreamOnHGlobal

MULTIMEDIA_API - Can Play Multimedia
  WINMM.dll::mciSendStringW
  WINMM.dll::timeGetTime
  WINMM.dll::waveOutSetVolume

SECURITY_BASE_API - Uses Security Base API
  ADVAPI32.dll::AddAce
  ADVAPI32.dll::AdjustTokenPrivileges
  ADVAPI32.dll::CheckTokenMembership
  ADVAPI32.dll::DuplicateTokenEx
  ADVAPI32.dll::GetAclInformation
  ADVAPI32.dll::GetSecurityDescriptorDacl

SHELL_API - Manipulates System Shell
  SHELL32.dll::ShellExecuteExW
  SHELL32.dll::ShellExecuteW
  SHELL32.dll::SHFileOperationW

WIN32_PROCESS_API - Can Create Process and Threads
  ADVAPI32.dll::CreateProcessAsUserW
  KERNEL32.dll::CreateProcessW
  ADVAPI32.dll::CreateProcessWithLogonW
  KERNEL32.dll::OpenProcess
  ADVAPI32.dll::OpenProcessToken
  ADVAPI32.dll::OpenThreadToken

WIN_BASE_API - Uses Win Base API
  KERNEL32.dll::TerminateProcess
  KERNEL32.dll::SetSystemPowerState
  KERNEL32.dll::LoadLibraryA
  KERNEL32.dll::LoadLibraryExW
  KERNEL32.dll::LoadLibraryW
  KERNEL32.dll::GetDriveTypeW

WIN_BASE_EXEC_API - Can Execute other programs
  KERNEL32.dll::WriteConsoleW
  KERNEL32.dll::ReadConsoleW
  KERNEL32.dll::SetStdHandle
  KERNEL32.dll::GetConsoleCP
  KERNEL32.dll::GetConsoleMode

WIN_BASE_IO_API - Can Create Files
  KERNEL32.dll::CopyFileW
  KERNEL32.dll::CreateDirectoryW
  KERNEL32.dll::CreateHardLinkW
  IPHLPAPI.DLL::IcmpCreateFile
  KERNEL32.dll::CreateFileW
  KERNEL32.dll::DeleteFileW

WIN_BASE_USER_API - Retrieves Account Information
  KERNEL32.dll::GetComputerNameW
  ADVAPI32.dll::GetUserNameW
  ADVAPI32.dll::LogonUserW
  ADVAPI32.dll::LookupPrivilegeValueW

WIN_NETWORK_API - Supports Windows Networking
  MPR.dll::WNetAddConnection2W
  MPR.dll::WNetUseConnectionW

WIN_REG_API - Can Manipulate Windows Registry
  ADVAPI32.dll::RegConnectRegistryW
  ADVAPI32.dll::RegCreateKeyExW
  ADVAPI32.dll::RegDeleteKeyW
  ADVAPI32.dll::RegOpenKeyExW
  ADVAPI32.dll::RegQueryValueExW
  ADVAPI32.dll::RegSetValueExW

WIN_USER_API - Performs GUI Actions
  USER32.dll::BlockInput
  USER32.dll::CloseDesktop
  USER32.dll::CreateMenu
  USER32.dll::EmptyClipboard
  USER32.dll::FindWindowExW
  USER32.dll::FindWindowW
