MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7
SHA3-384 hash: 968f53cbe8706b8f0d44b6af8dff540fd529b9e140bcc080df9013d07987e6eba949e48e11756cd94e9682eb807b3d39
SHA1 hash: 01d1e96706ce8d56cb0af2202398f2f5463e6986
MD5 hash: 58a270921831af00df225f887bfb2f89
humanhash: oscar-high-harry-vermont
File name:58a270921831af00df225f887bfb2f89.exe
Download: download sample
File size:7'047'111 bytes
First seen:2023-07-24 15:36:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c6e51dda1622035b42b177c9afe67c30
ssdeep 196608:e1DNr558bhV8dkwDsb6M31fyU3Gt2UlWt9G5SkKuB/ab:e1DNFabhV8d9+d1fj3k2woJuQb
Threatray 34 similar samples on MalwareBazaar
TLSH T17F661216B9608C74D593D0331015D6A39205D68EBA18DBCF23B11D0AFEF59EB8B12BED
TrID 43.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
22.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 1a3e69c8f012dcd9
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
281
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/431298/
Detection(s):
PUA.Win.Downloader.Driverpack-6717506-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a window
Gathering data
Verdict:
Malicious
Labled as:
Trojan.GenericFCA.Agent
Link:
https://www.hybrid-analysis.com/sample/0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f1f2b60d-dcc6-49bf-8376-dcff4945b732
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1278443
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1278443 Sample: vE3lqwIhvu.exe Startdate: 24/07/2023 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 vE3lqwIhvu.exe 2->6         started        process3 process4 8 javaw.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-24 06:27:28 UTC
File Type:
PE (Exe)
Extracted files:
2772
AV detection:
7 of 38 (18.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bnp64l64zaxqmk2bfirkh7b6lzjck7nbmdgihxqlk2nudwsvcp3q._file
Verdict:
unknown
Similar samples:
14966a7a72a99444cae654f28e2bc4dbb92b7af8e75e98045ba5ffedce4a3407
2221ff7ad5fbb6e42a65b10f3317ddab5616e1c90ab40647075a17db5788f907
24a9c6dabac2cff15f96de43dc26aed74ac750e66fd239d2330c0bdaa65542d1
2cdd9e76cebe68ba75d1e43ff4759147b9c27a9cf66624590caba9bf8c405431
4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8
7ee83c2c5f7d401f2531598194d8f98b51369914299d0240994fdd773799e9f7
87e18f4cc965ba6a9b30326b7332196eb08c75e8bd213c5f8f77bb7e6834c842
9785e32632c3b6b652f3fd3e0d4624b23090140e4cd14f0ae85819f243d93615
da44ee4f0906dccee0c4653f9ada9668b3588b1821ebc52f0e99b15b1dfa414e
dd61ac8cd411106cef32fbc71827d92609ccfb3941e70294badbb07910e4b700
+ 24 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230724-s2gsjsfe5w/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7
MD5 hash:
58a270921831af00df225f887bfb2f89
SHA1 hash:
01d1e96706ce8d56cb0af2202398f2f5463e6986
Link:
https://www.unpac.me/results/0b55296b-a4ae-4f43-a406-41ed6ce71fbc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2557677/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/431298/

Comments