MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ab41930f0a18d7629031bf5cd9a8c7090c13983c1d7567b9018185f0fa18f0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ab41930f0a18d7629031bf5cd9a8c7090c13983c1d7567b9018185f0fa18f0d
SHA3-384 hash: a7d4fe14259b0389cfc0a848f67a425c85eb2aa2844b08ff4f1a6122296087d1e35a7de2314657f723ee57cd8eac431f
SHA1 hash: 9072a751e68fe39222aebc87ffb898a423310ce9
MD5 hash: 2890a00ef6943ed98e2b7c6e3e49ae1c
humanhash: eleven-kansas-spaghetti-twenty
File name:2890a00ef6943ed98e2b7c6e3e49ae1c
Download: download sample
File size:6'656 bytes
First seen:2024-07-18 07:19:01 UTC
Last seen:2024-07-24 11:04:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d05b0177ab28f06d3d1e9fcdf34c8fb7
ssdeep 96:6HVOFf/ncx4Sc446u4Dd5T7ndOgBqeGcAP1Ys0hGj6p3ol:6HWf/n04Sc4A4xNYgI0AtY/pw
TLSH T140D1E51B31D52989CD2581BDCFE55233811E78051F1AEEFF0278E1932E67AD0917DBA1
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Reporter pwnd
Tags:exe


Avatar
LordDagon3
extracted from memory

Intelligence

File Origin
# of uploads :
2
# of downloads :
381
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
vidar
Create hunting rule
ID:
1
File name:
https://briskmailer.in/TradingView%20Desktop.zip
Verdict:
Malicious activity
Analysis date:
2024-07-17 09:20:48 UTC
Tags:
telegram vidar stealer loader
Link:
https://app.any.run/tasks/dd1a50b2-cf27-40fa-bc35-567d1510f398

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.15704.10091.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6698c1ed715586f538b3aac7
Tags:
Variant
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin microsoft_visual_cc packed shell32
Link:
https://www.filescan.io/uploads/6698c1eaf1068d66afbed99c/reports/727d5012-bca2-485d-bccd-a328f750a104/overview
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/0ab41930f0a18d7629031bf5cd9a8c7090c13983c1d7567b9018185f0fa18f0d
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ceb95a7e-927b-4fd8-9d6c-21197781f929
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1475743
Signature
AI detected suspicious sample
Antivirus / Scanner detection for submitted sample
Contains functionality to inject code into remote processes
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
52%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/0ab41930f0a18d7629031bf5cd9a8c7090c13983c1d7567b9018185f0fa18f0d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0ab41930f0a18d7629031bf5cd9a8c7090c13983c1d7567b9018185f0fa18f0d/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2024-06-21 20:27:45 UTC
File Type:
PE+ (Exe)
AV detection:
16 of 24 (66.67%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bk2bsmhquggxmkiddp243gumocimcomdyhlvm64qdamf6d5br4gq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240718-h5hh5s1glf/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/839f06db-be8f-4e57-bfa4-76e2ce106e26
Unpacked files
SH256 hash:
0ab41930f0a18d7629031bf5cd9a8c7090c13983c1d7567b9018185f0fa18f0d
MD5 hash:
2890a00ef6943ed98e2b7c6e3e49ae1c
SHA1 hash:
9072a751e68fe39222aebc87ffb898a423310ce9
Link:
https://www.unpac.me/results/00fe9071-d31a-4951-87ad-3e56d3ddbce7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.34
Link:
https://yomi.yoroi.company/submissions/0ab41930f0a18d7629031bf5cd9a8c7090c13983c1d7567b9018185f0fa18f0d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Vidar

Executable exe d683ca36092cd2be3cdf8b38bc26a79e7067ee1779619d14f943069f255919e1

Executable exe 0ab41930f0a18d7629031bf5cd9a8c7090c13983c1d7567b9018185f0fa18f0d

(this sample)

anyrun
any.run
https://app.any.run/tasks/90ed097a-435f-4806-a7a1-bb216ef432ae
  
Dropped by
MD5 8bea4ed23c54744533c32994e6c88deb
  
Dropped by
SHA256 d683ca36092cd2be3cdf8b38bc26a79e7067ee1779619d14f943069f255919e1

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryA

Comments