MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a2db60c1eed1596c7b4b8bb987f863efd57d4c2ff60c40633bbd6a019fa0c74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a2db60c1eed1596c7b4b8bb987f863efd57d4c2ff60c40633bbd6a019fa0c74
SHA3-384 hash: ca2c1bb7b7e7fd2243d2b834b3bf97c3cd662d7d051381973918d6b5dd9cece4294fbd7b45ba435b07212fb7f4c92d11
SHA1 hash: 8ffc9f3849367dd49a7343f93fe89c4334e0e8e8
MD5 hash: adedd1e335dbca1d69902560cfd0b304
humanhash: victor-dakota-triple-ink
File name:adedd1e335dbca1d69902560cfd0b304
Download: download sample
File size:2'238'011 bytes
First seen:2023-12-22 07:19:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1d0e3506c01cb61e9312cbea4911e92e
ssdeep 49152:UJGiTekxu6lUBeZ1NJ8RrVrA2sraQHEqJlq8WHG:UIiTzUkUBeZ7uRRA2sr9JQ8WHG
TLSH T161A5331131BDCBF6C1800930C6653BB290F2D3194B9248FB67965F1B2E791C7E735AAA
TrID 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
265
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/468960/
Detection(s):
Win.Packed.Babar-10011011-0
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
installer lolbin overlay packed sfx shell32
Link:
https://www.filescan.io/uploads/65853869b2e45ed099c1be10/reports/55c19209-55b1-4901-9cdb-36736388d2b5/overview
Verdict:
Malicious
Labled as:
Packed.Babar
Link:
https://www.hybrid-analysis.com/sample/0a2db60c1eed1596c7b4b8bb987f863efd57d4c2ff60c40633bbd6a019fa0c74
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raspberry Robin
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/db5a31b3-1302-4bfe-b60e-5f3e4413994c
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1366043
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1366043 Sample: OrXFd751H8.exe Startdate: 22/12/2023 Architecture: WINDOWS Score: 76 24 Antivirus detection for dropped file 2->24 26 Multi AV Scanner detection for dropped file 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 2 other signatures 2->30 9 OrXFd751H8.exe 3 3 2->9         started        process3 file4 22 C:\Users\user\AppData\Local\...22tHO8x7.cPL, PE32 9->22 dropped 12 control.exe 1 9->12         started        process5 process6 14 rundll32.exe 12->14         started        signatures7 34 Tries to detect sandboxes / dynamic malware analysis system (file name check) 14->34 17 rundll32.exe 14->17         started        process8 process9 19 rundll32.exe 17->19         started        signatures10 32 Tries to detect sandboxes / dynamic malware analysis system (file name check) 19->32
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/0a2db60c1eed1596c7b4b8bb987f863efd57d4c2ff60c40633bbd6a019fa0c74
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a2db60c1eed1596c7b4b8bb987f863efd57d4c2ff60c40633bbd6a019fa0c74/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2023-12-22 07:20:07 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
19 of 23 (82.61%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=biw3mda65ukznr5uxc5zq74gh36vpvgc75qmibrtxplkagp2br2a._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231222-h5j2zadge7/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
a24882fb05c6ac19f3fd47f9a2ce47cc3a7da2d3702aa24af944e209be4285ac
MD5 hash:
cefb9fd021f4533e50dd06f2fa4103cd
SHA1 hash:
d28ccad15d30348d5d550b48538cea7c2cd0fb62
Link:
https://www.unpac.me/results/02936cfa-ef9a-45c4-9873-aade86ec1751/
SH256 hash:
0a2db60c1eed1596c7b4b8bb987f863efd57d4c2ff60c40633bbd6a019fa0c74
MD5 hash:
adedd1e335dbca1d69902560cfd0b304
SHA1 hash:
8ffc9f3849367dd49a7343f93fe89c4334e0e8e8
Link:
https://www.unpac.me/results/02936cfa-ef9a-45c4-9873-aade86ec1751/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0a2db60c1eed1596c7b4b8bb987f863efd57d4c2ff60c40633bbd6a019fa0c74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 0a2db60c1eed1596c7b4b8bb987f863efd57d4c2ff60c40633bbd6a019fa0c74

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/468960/

Comments


Avatar
zbet commented on 2023-12-22 07:19:02 UTC

url : hxxp://dcfsdfds2fdhfgj.sbs/setup294.exe