MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a0fcade07b17c39c6b7a278c3b4a9c9380b935aae03b468351209090d7d21ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a0fcade07b17c39c6b7a278c3b4a9c9380b935aae03b468351209090d7d21ba
SHA3-384 hash: 855bd5cd7a40a73fea407b46ade23d6327cf08b1446574be9d460fac307cdbdcd716729fbfa952d2512fea915f10f932
SHA1 hash: fdcc0e09f333d93de2499bd2a7bd6989c6467d83
MD5 hash: cbed4030ba45a8887b137e314d2977c4
humanhash: twelve-romeo-minnesota-social
File name:cbed4030ba45a8887b137e314d2977c4.exe
Download: download sample
File size:65'536 bytes
First seen:2022-10-04 11:22:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:Ts87Awurg9QJvRcwOKP+ldM3C3f9GxZO5z2B8GFEDo:g2Aw3QCM6kxd
Threatray 1'307 similar samples on MalwareBazaar
TLSH T11053D093E158C72AE8718B30887B9DDA40776DB8E494214F3C88BE1B2E373175931A27
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon cc0f33313333ccd4 (4 x AsyncRAT, 1 x RemcosRAT, 1 x PureMiner)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
246
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/316482/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.62509410.14377.15800.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Sending an HTTP GET request to an infection source
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/633c17965c60ccc9fcff3127/reports/93f07d75-94d2-4c52-9013-26d1e06bb762/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/63feae29-2e7c-4c6c-996b-fba75ac7b502
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1083178
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Encrypted powershell cmdline option found
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 715736 Sample: gBwLclx7y7.exe Startdate: 04/10/2022 Architecture: WINDOWS Score: 84 17 Snort IDS alert for network traffic 2->17 19 Multi AV Scanner detection for domain / URL 2->19 21 Antivirus detection for URL or domain 2->21 23 3 other signatures 2->23 7 gBwLclx7y7.exe 14 3 2->7         started        process3 dnsIp4 15 194.38.23.170, 49701, 80 PRAID-ASRU Ukraine 7->15 25 Encrypted powershell cmdline option found 7->25 11 powershell.exe 14 7->11         started        signatures5 process6 process7 13 conhost.exe 11->13         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a0fcade07b17c39c6b7a278c3b4a9c9380b935aae03b468351209090d7d21ba/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2022-10-04 08:22:47 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
10
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bih4vxqhwf6dtrvxuj4mhnfjze4axe22vyb3i2bvcieqsdl5eg5a._file
Verdict:
malicious
Similar samples:
07f2d4559c633807609f3169ccbc9bfa83d68791984cd52d519a46a738a676d1
5f8b89ab7942f1614fbb266da54e2e4d714feb15b430eb49ed433f74e9a998dc
a270de65a465e6d5a2cf982ef073c91485a12de0bc2b76118e9c4077daf1217e
b78d348dc8a28e80d79acd9118ea488c502a18c30b211a03edd4cfd59715090f
d57321805b57d9a004d652b7d8b00d9045d6940800653374e2a47c7dad2e9196
d5d8501413231217f31c6b614fbc4e5cba5ba8cabb6da772e5ed82e484238088
d8b8f7d0334857a3749963c08491c155c6743af96f8ad779101060ff71a9eca3
fa8d8657315c0ff3057652f4b34194de08fa9d2ff3028ad2043b53c551851358
+ 1'297 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/221004-ng577aaga7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/dfb54782-e3f7-496d-a87e-def8b3981acc
Unpacked files
SH256 hash:
0a0fcade07b17c39c6b7a278c3b4a9c9380b935aae03b468351209090d7d21ba
MD5 hash:
cbed4030ba45a8887b137e314d2977c4
SHA1 hash:
fdcc0e09f333d93de2499bd2a7bd6989c6467d83
Link:
https://www.unpac.me/results/cd252752-9a18-4b0d-af1e-4e0841a6a2bb/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/0a0fcade07b1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0a0fcade07b17c39c6b7a278c3b4a9c9380b935aae03b468351209090d7d21ba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 0a0fcade07b17c39c6b7a278c3b4a9c9380b935aae03b468351209090d7d21ba

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2307201/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/316482/

Comments