MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05ba36adc06b3ca377293860d2fc9663ef886d04f13b524f34d1d21bce10fb84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10


SHA256 hash: 05ba36adc06b3ca377293860d2fc9663ef886d04f13b524f34d1d21bce10fb84
SHA3-384 hash: bbffac1151994e1b1e7f4f178aea0e0620424cf0a1475352fb8d20b8a6854ced27cb92985b10778516b433c4ef0541c8
SHA1 hash: 57192a3a61012f0eeb7afab21c97e3b23a08cbce
MD5 hash: 988ba4728db4c7fb5bbe34c07c298856
humanhash: bacon-texas-tango-mississippi
File name: 988ba4728db4c7fb5bbe34c07c298856
File size: 850'496 bytes
First seen: 2022-01-31 00:43:07 UTC
Last seen: 2022-01-31 02:51:40 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 616a74cc49697a109c9099edcedf2191
ssdeep: 12288:DKpVlP6EG8S6fIPFljN0UEeR/8IQypUPRsxgxzZRUbxRpv52uomjPmZ:+mnD8zIQypmRsCzZ+Rpv5emjS
TLSH: T1BC055B122AA9FCE9C1F91172677B9BC5632DAEA01367D1CB53D03619683C2E33E35712
File icon (PE): (icon image)
dhash icon: 00d8d8c8c8e02440
Reporter: zbetcheckin
Tags: 32 exe signed

Code Signing Certificate

Organisation: Open Box Models Limited
Issuer: Sectigo Public Code Signing CA EV R36
Algorithm: sha256WithRSAEncryption
Valid from: 2021-10-11T00:00:00Z
Valid to: 2022-10-11T23:59:59Z
Serial number: 18b141416f9a664c1ea6f6b559e5db82
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: e8fe310c9bae25ee9be8f4b832da530d7cb163d2b54755965215a08e43e82ad3
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 180
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 988ba4728db4c7fb5bbe34c07c298856
Verdict: Suspicious activity
Analysis date: 2022-01-31 00:56:33 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Suspicious
Maliciousness:

Behaviour
Creating a window
Creating synchronization primitives
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file
Moving a recently created file
Creating a process from a recently created file
Creating a process with a hidden window
Searching for the window
Creating a file in the %temp% subdirectories

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
CheckCmdLine
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug anti-vm control.exe explorer.exe fingerprint greyware hacktool msiexec.exe overlay packed shell32.dll

Result
Verdict: SUSPICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: suspicious
Classification: evad
Score: 36 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Dropper.Convagent
Status: Malicious
First seen: 2022-01-29 10:39:20 UTC
File type: PE (Exe)
Extracted files: 54
AV detection: 8 of 28 (28.57%)
Threat level: 3/5
Verdict: suspicious

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Loads dropped DLL
Downloads MZ/PE file
Executes dropped EXE
Unpacked files
SHA256 hash: 05ba36adc06b3ca377293860d2fc9663ef886d04f13b524f34d1d21bce10fb84
MD5 hash: 988ba4728db4c7fb5bbe34c07c298856
SHA1 hash: 57192a3a61012f0eeb7afab21c97e3b23a08cbce

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 05ba36adc06b3ca377293860d2fc9663ef886d04f13b524f34d1d21bce10fb84 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2022-01-31 00:43:08 UTC

url : hxxp://openboxinstaller.s3.amazonaws.com/msi/0/1.0.1/openboxaddin.exe