MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08884d4ee51df79cdb311524ec99783ddd3d73bde064cffe98b0b79118e817e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08884d4ee51df79cdb311524ec99783ddd3d73bde064cffe98b0b79118e817e7
SHA3-384 hash: 68d2fbe203cb76ac7a0a1181e625b863fb2de6a9d6e2ef54b4dfadf272eea53594c23494ef60d64f07ea30b5572a0b8e
SHA1 hash: cfc8f942dd658da73ac23065dc64e694e5e059e0
MD5 hash: 69ec1685e9b69e091b6bd6fafafe4f01
humanhash: bacon-venus-nine-autumn
File name:CV.exe
Download: download sample
File size:866'304 bytes
First seen:2021-09-01 14:09:49 UTC
Last seen:2021-09-01 14:24:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ef471c0edf1877cd5a881a6a8bf647b9 (74 x Formbook, 33 x Loki, 29 x Loda)
ssdeep 12288:PXe9PPlowWX0t6mOQwg1Qd15CcYk0We1zzjm0WNuJvRidGB0rnK0WFnhfBb8aH0R:WhloDX0XOf49e08sRmGyrGhZb8aUGi
Threatray 1'168 similar samples on MalwareBazaar
TLSH T1E1051285D8793997D93A147A9348C6F309136E7DC2B00A33B2E97A7F462B43BA571133
dhash icon 69e8b292b2f0e071
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
CV.exe
Verdict:
Suspicious activity
Analysis date:
2021-09-01 14:16:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f8101f32-870e-4ab3-8e93-0d434021a8ea

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/184487/
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

SecuriteInfo.com.W32.AIDetect.malware1.26871.13679.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Deleting a recently created file
Unauthorized injection to a recently created process
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending a UDP request
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/24fc8f6b-17fa-45c0-99f1-96f96de912e2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/843381
Signature
AutoIt script contains suspicious strings
Changes security center settings (notifications, updates, antivirus, firewall)
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Sample uses process hollowing technique
Sigma detected: Suspicious Svchost Process
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 475808 Sample: CV.exe Startdate: 01/09/2021 Architecture: WINDOWS Score: 68 25 Multi AV Scanner detection for submitted file 2->25 27 AutoIt script contains suspicious strings 2->27 29 Sigma detected: Suspicious Svchost Process 2->29 8 CV.exe 3 2->8         started        process3 signatures4 31 Maps a DLL or memory area into another process 8->31 33 Sample uses process hollowing technique 8->33 11 svchost.exe 8->11         started        14 CV.exe 8->14         started        process5 signatures6 35 Changes security center settings (notifications, updates, antivirus, firewall) 11->35 16 WerFault.exe 23 9 14->16         started        19 MpCmdRun.exe 1 14->19         started        process7 file8 23 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->23 dropped 21 conhost.exe 19->21         started        process9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/08884d4ee51df79cdb311524ec99783ddd3d73bde064cffe98b0b79118e817e7/
Threat name:
Win32.Trojan.Auzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-09-01 14:08:25 UTC
File Type:
PE (Exe)
Extracted files:
45
AV detection:
13 of 45 (28.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bcee2txfdx3zzwzrcusozglyhxot24554bsm77uywc3zcghic7tq._file
Verdict:
malicious
Similar samples:
5d2e4f11193ed6e79071fe272dbd73db699e90f50c1ad9fdd9bdd03f165139e2
69858f544bafcbb3e3f32f1584fa4d162cdc44cd9fd05c129044ff081a8becae
8344690f025846a5a0dcf5d6012a94cddcfe48ffcc06fa6d566bb4ef149e6716
91e8ea3e431c0ad9faf6dfe01eb29e4834940054379deb8b657d9cbe23e91682
a7a1a43d30f2cb7ee32934670de804b7a2c2961e2ef950339438eab91b1e438b
bf70a83b41c0e405e4c21c3253d0a80a34e08a2da16ad6e36e77d2f070cb6f82
c46c1d3ce137b855a860af126e8986175501defc0a3f69c5472bf9d905c05bb4
c98a42f6e9e5f2e0e12f69c4ce7022265b7db271369ddb2ebff3348c0434d3cf
d8e5a9f36cf6a0844f217c04d46790e2202479c371b7be7f76a011b0dbac5a1b
+ 1'158 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210901-bce5w5t26x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
488eaf896888860491b5eab613995853b662203a33d135f5502350df5dd4dffa
MD5 hash:
e119d5baaa14a8f52733c59db53bf943
SHA1 hash:
d6e8dbc9c3d0028b621450b027d437ea02b70f17
Link:
https://www.unpac.me/results/885a8665-b888-467c-8e0f-eca83bde2f18/
SH256 hash:
b52027d59c4249b5996db2777d9eacc8056c60915705c67a66d57f5b9cb0ee02
MD5 hash:
157f1ab52c89578bb542b792f6d12dff
SHA1 hash:
b119ee85023575bad692a7dd5509a2856934c80b
Link:
https://www.unpac.me/results/885a8665-b888-467c-8e0f-eca83bde2f18/
SH256 hash:
d7aa60ccb0918e29700690551bbd0e7670bc3a54e4c23a1ebfac4dd4645b8bf8
MD5 hash:
31a947d397c09f05e65f666e366401fe
SHA1 hash:
d88bc7d92b5e5654ba56d6ae7cc50a8df2934711
Link:
https://www.unpac.me/results/885a8665-b888-467c-8e0f-eca83bde2f18/
SH256 hash:
08884d4ee51df79cdb311524ec99783ddd3d73bde064cffe98b0b79118e817e7
MD5 hash:
69ec1685e9b69e091b6bd6fafafe4f01
SHA1 hash:
cfc8f942dd658da73ac23065dc64e694e5e059e0
Link:
https://www.unpac.me/results/885a8665-b888-467c-8e0f-eca83bde2f18/
Malware family:
Agent Tesla v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/08884d4ee51d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.49
Link:
https://yomi.yoroi.company/submissions/08884d4ee51df79cdb311524ec99783ddd3d73bde064cffe98b0b79118e817e7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/184487/

Comments