MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07b5a9800fac17098c8e020f14360234437c2a316163c1e64479bd5622e1b8a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07b5a9800fac17098c8e020f14360234437c2a316163c1e64479bd5622e1b8a7
SHA3-384 hash: f6376c949e478e707515053625f2b99803a17bcc126c42080d8fb26d0e4f303fc46ef7983670194ceef618f1aec92f40
SHA1 hash: a4a1456eaf16db0199b663eb892aae0347329a6b
MD5 hash: ad91812c13944ce428cefd80c7fa80ee
humanhash: chicken-bulldog-alabama-artist
File name:ad91812c13944ce428cefd80c7fa80ee
Download: download sample
File size:1'179'648 bytes
First seen:2022-01-24 02:59:22 UTC
Last seen:2022-01-24 04:43:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep 24576:U4GHnhIzO1nWUDmEAk5m36NpuqlXSaWWFWWgvnCWBmZt:Dshd1nGMhNpuqlC6gRKWBi
Threatray 61 similar samples on MalwareBazaar
TLSH T18D4523A1F8111D2AE5A608FC1C63D679683A5C5099B07673130CF70EB93E3C9CF6769A
File icon (PE):PE icon
dhash icon 10f0d4d4cc687110
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
182
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
07b5a9800fac17098c8e020f14360234437c2a316163c1e64479bd5622e1b8a7.zip
Verdict:
Suspicious activity
Analysis date:
2022-01-24 03:27:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e1f92b2e-a7eb-4ae9-b91a-1597c343c398

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/221785/
Detection(s):
PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Creating a file in the %temp% directory
DNS request
Creating a file in the Windows subdirectories
Сreating synchronization primitives
Sending a custom TCP request
Creating a file
Running batch commands
Creating a process with a hidden window
Launching a process
Sending an HTTP GET request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/61ee1633f81da814af9e8273/reports/7b5dc7cc-cd77-4439-858d-b608e6b36386/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9d893e0a-4431-4ba3-9739-e2eea63e636b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/925984
Signature
Binary is likely a compiled AutoIt script file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/07b5a9800fac17098c8e020f14360234437c2a316163c1e64479bd5622e1b8a7/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-01-24 01:35:55 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
26cb425375a7613736c367866d0b79b8b7d8845437ec88e87bc83146445f892e
2a2c98c65ef497baf7ebfa7ecca3b177869eaa2f73a9dc9b438990fa9e42250e
40ac8e128b78d30d49accda865a6ca90a23cf7b7e5f31042c7df55a9fe1b5af4
623ae88bce9d510aafbbeb7a65d3eb39510b563231e0e22108fe04c77be90a29
7433dea27f88e047cf95bd1eaad9008a9883a8357b41970bee9566a3af76d2ef
a665187e18e7f9666da6e401c3c09093db2a404912f3e69984fc39bd6ee1cd90
b29a1b48648aacf2fe60861692bd0991cf226956ea986b687972667496e1d7d7
d3dc4b2cf4dcc0e0ba520ab033e94a7725aa8f86c2b05d49fef5e5e1f60b7844
+ 51 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/220124-dhb1maaghj/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Unpacked files
SH256 hash:
07b5a9800fac17098c8e020f14360234437c2a316163c1e64479bd5622e1b8a7
MD5 hash:
ad91812c13944ce428cefd80c7fa80ee
SHA1 hash:
a4a1456eaf16db0199b663eb892aae0347329a6b
Link:
https://www.unpac.me/results/a2b25d3f-fe0b-4ce9-b212-0cac2e9f7871/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.25
Link:
https://yomi.yoroi.company/submissions/07b5a9800fac17098c8e020f14360234437c2a316163c1e64479bd5622e1b8a7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 07b5a9800fac17098c8e020f14360234437c2a316163c1e64479bd5622e1b8a7

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/221785/
  
URLhaus
https://urlhaus.abuse.ch/url/2001568/

Comments


Avatar
zbet commented on 2022-01-24 02:59:24 UTC

url : hxxp://jxwd.cc/wxtools/WxTools2.exe