MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0bc250f43d37f663c9b9655be85caec78a7b8662b262b17abc67654f60709fdd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0bc250f43d37f663c9b9655be85caec78a7b8662b262b17abc67654f60709fdd
SHA3-384 hash: 0119a717e3753af9c8771b059ad89373ce750198e59320b44e6874646e4ffd929adaca70f304837b8df43775eb4c9a4d
SHA1 hash: b4e3e1650e0acd128751732991f90199d6bad620
MD5 hash: 8c4589569bdece7048259d1d4bb6e170
humanhash: west-moon-autumn-oklahoma
File name:boxer-trc-scapy_PI-with-mods.exe
Download: download sample
File size:32'909'964 bytes
First seen:2022-12-19 23:29:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ba5546933531fafa869b1f86a4e2a959 (10 x DCRat, 3 x RedLineStealer, 2 x RemcosRAT)
ssdeep 786432:i1n9LFNCEDEMbLW4t9jHZUfaEa6tN3KEQ1qar7qgjhZT:0nxFNC385HZUfawKEQE++wZ
Threatray 209 similar samples on MalwareBazaar
TLSH T1357733C097E26DAFE2920239D9F1D816DA5270BF1250413F1AE73902BD1B1ED9EBD316
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
dhash icon aebc385c4ce0e8f8 (10 x PythonStealer, 7 x RedLineStealer, 7 x DCRat)
Reporter MossSamoa
Tags:boxer-trc-scapy_PI-with-mods.exe exe


Avatar
MossSamoa
boxer-trc-scapy_PI-with-mods.exe test

Intelligence

File Origin
# of uploads :
1
# of downloads :
183
Origin country :
DK DK
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
boxer-trc-scapy_PI-with-mods.exe
Verdict:
Malicious activity
Analysis date:
2022-12-19 23:30:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5104e9fa-1952-4829-98c8-c533709b2844

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a file
Running batch commands
Creating a process with a hidden window
DNS request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware njrat overlay packed python
Link:
https://www.filescan.io/uploads/63a0f3fdf1231afafd5c5365/reports/a554f6b6-6107-47aa-8d82-754f328828f4/overview
Result
Verdict:
MALICIOUS
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1137596
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 770324 Sample: boxer-trc-scapy_PI-with-mods.exe Startdate: 20/12/2022 Architecture: WINDOWS Score: 48 17 www.google.com 2->17 19 www.ask.com 2->19 21 askmedia.map.fastly.net 2->21 25 Multi AV Scanner detection for submitted file 2->25 8 boxer-trc-scapy_PI-with-mods.exe 502 2->8         started        signatures3 process4 process5 10 boxer-trc-scapy_PI-with-mods.exe 5 8->10         started        13 conhost.exe 8->13         started        dnsIp6 23 192.168.2.1, 8000 unknown unknown 10->23 15 cmd.exe 1 10->15         started        process7
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bpbfb5b5g73ghsnzmvn6qxfoy6fhxbtcwjrlc6v4m5su6ydqt7oq._file
Verdict:
unknown
Similar samples:
07ae2a00c878219dff16a32de2296ee69f23c596cde7e802a8deada12d21d982
393520554a19f1a2dc6c362b4c4eb97bd62caadc8489545c1f6fc57aae91cc58
4be357460889b0a692758973d803beca3aab18a17a7be7080c4f1b34b1c036b9
55524d7ca19e4ca458a58e24078ec59159e337dc1919f3cfbba668e98b7ec807
61b16d71a76f83cef63d079b0735cd0a1cee24f1119063e28ef1f227f2bb27c4
76f4028be569b642d396b8e8936779493280aabcc3329f9058c19e78936c113e
8befc91b605e2dd3ee8917f6e4b2ab943ec7900d257b704955c2defc0328b4d8
9294388f5992c2a12ea3f1dd14a232f3f681b759784411ce373ae95f23cefbee
e5a955c152fd17571a18f1d671e6165f0e76cae56b466be7405ebb661378724b
+ 199 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/221219-3g5nzsgd35/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d32dcae6-2c86-4176-a951-5a004fa8df8b
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0bc250f43d37f663c9b9655be85caec78a7b8662b262b17abc67654f60709fdd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments