MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08da04343342bd62a587c5cb2b6e1b0e241dd163a317d77a297f964da2f216a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08da04343342bd62a587c5cb2b6e1b0e241dd163a317d77a297f964da2f216a7
SHA3-384 hash: 7a11f892deb0948d04d1802e33638ecf94058c7f6d02802b087167105c4fb7cefe9a832fdebd7083e0f5aedbd5a08df3
SHA1 hash: f621b7376d1572dea9fd8594d82984a9e46afda5
MD5 hash: 6c54e58f560f981ba8c52ba32f46c37d
humanhash: four-london-montana-juliet
File name:Lista de orden.exe
Download: download sample
File size:779'776 bytes
First seen:2021-04-12 17:54:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 23399c21b0aa604a8aa13da9702198d1 (3 x RemcosRAT, 1 x Formbook)
ssdeep 12288:XjsnTVNRUWpHKTXa8+XBM9gN4W9t7ocLyg0c0QKRmp:XjMmMH8XEgfqFDd0QK8
Threatray 42 similar samples on MalwareBazaar
TLSH 89F49E21B6A18837C16E1979DD1B53E8EC36FF10FA64A90A6BF41C485F387907A352D3
Reporter TeamDreier

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Lista de orden.exe
Verdict:
Suspicious activity
Analysis date:
2021-04-12 17:56:56 UTC
Tags:
installer
Link:
https://app.any.run/tasks/e4a1ffe7-6f90-4eec-b36a-91629167ab5e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/133827/
Detection(s):
PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader38.29905.6042.8337.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/673442
Signature
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/08da04343342bd62a587c5cb2b6e1b0e241dd163a317d77a297f964da2f216a7/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-04-12 10:52:46 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bdnainbtik6wfjmhyxfsw3q3bysb3ulduml5o6rjp6le3ixsc2tq._file
Verdict:
malicious
Similar samples:
17c742f29afb5c4352f3fb0079fbb0b2d72da1e65cfc59695f9a7259088b4615
52fa8487efeb8b203fb1f37501c366088b71de4ded620695ba2e34e8c0f446a2
88387fbf4550ae2b3f4f98dca8656531e543320e125438ebd2b8d2cd29b88cc1
8a1b2093240b008b261eead28a9a024f7f74ee2d725893d3f78954c899d73105
969c356e48ffb2e13979513881838131bf9f61f5bfbe14e4314fece49d9e01ad
b63a672f485defdec1774da3ab65fa6e8ec2525d3740dd1ba79c28d0945aa04d
e5065ecce465f659ef4f82667fc0c3bccb3e596497d884cc95b61008ec1a707b
f199f051d76eae8d5ddf0ee522868aa6878425948f4fc23c53e547995c403cbe
f2a1b48f82208d3d1bf4e613fd7c6a16f63c96ebb2c31ed502ec67cb6768b2f6
fd7d52177d6001903bc170f10936d6f67f15f18696874238e1c9e2c694036f97
+ 32 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210412-jh9fqlghsn/
Unpacked files
SH256 hash:
31ffb1d8050b158b4c432cbb831f9da9b918443b7ed3ecca7e3d7a18a531e3f9
MD5 hash:
406f0b9cc6dacbdd1b715c557b941343
SHA1 hash:
77387463c87215e20a8592430665820cbb146660
Link:
https://www.unpac.me/results/2d8eb83f-842d-4823-8097-69d5ef8b054f/
SH256 hash:
08da04343342bd62a587c5cb2b6e1b0e241dd163a317d77a297f964da2f216a7
MD5 hash:
6c54e58f560f981ba8c52ba32f46c37d
SHA1 hash:
f621b7376d1572dea9fd8594d82984a9e46afda5
Link:
https://www.unpac.me/results/2d8eb83f-842d-4823-8097-69d5ef8b054f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/08da04343342bd62a587c5cb2b6e1b0e241dd163a317d77a297f964da2f216a7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:adonunix2
Create hunting rule
Author:Tim Brown @timb_machine
Description:AD on UNIX
Rule name:MALWARE_Win_DLAgent07
Create hunting rule
Author:ditekSHen
Description:Detects delf downloader agent

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/133827/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-04-14 17:21:56 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
1) [B0001.032] Anti-Behavioral Analysis::Timing/Delay Check GetTickCount
2) [B0009.029] Anti-Behavioral Analysis::Instruction Testing
3) [B0012.001] Anti-Static Analysis::Argument Obfuscation
4) [F0002.002] Collection::Polling
6) [C0026.002] Data Micro-objective::XOR::Encode Data
8) [C0051] File System Micro-objective::Read File
9) [C0052] File System Micro-objective::Writes File
10) [E1510] Impact::Clipboard Modification
11) [C0007] Memory Micro-objective::Allocate Memory
12) [C0036.004] Operating System Micro-objective::Create Registry Key::Registry
13) [C0036.003] Operating System Micro-objective::Open Registry Key::Registry
14) [C0036.006] Operating System Micro-objective::Query Registry Value::Registry
15) [C0038] Process Micro-objective::Create Thread
16) [C0041] Process Micro-objective::Set Thread Local Storage Value
17) [C0018] Process Micro-objective::Terminate Process