MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d5a17d3f0689e944a37bf9424e19493280b77c4014cbd3d1c491977fffdf869. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	0d5a17d3f0689e944a37bf9424e19493280b77c4014cbd3d1c491977fffdf869
SHA3-384 hash:	2f85126d0b7bf57fae7169d0f6b9c42f06dc74adde2b0d18a919e9c34acdf4cb12a76dcccfd2391301319e16045e5df5
SHA1 hash:	1ec1042497fb368cf25b3be5da4ceb36c5adf4cf
MD5 hash:	0ddb686798e1232b6066a00db2b25e45
humanhash:	alabama-mountain-high-oscar
File name:	SecuriteInfo.com.Trojan-Spy.FormBook.26491.8044
Download:	download sample
File size:	15'065'088 bytes
First seen:	2023-06-30 16:55:57 UTC
Last seen:	2023-06-30 17:48:37 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	393216:4HD/VQHnuC0KPxcGTjAAc3+xMO9anZ6SzU4wtfMRKpBt:4j/VGTjcuwZ6OufMRgr
Threatray	343 similar samples on MalwareBazaar
TLSH	T132E6237B678CDAB5ED9FA6BBE012525287A2C00BA37FB3CD2E48D6F156C6750C804153
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

172

Origin country :

FR

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.Trojan-Spy.FormBook.26491.8044

Verdict:

No threats detected

Analysis date:

2023-06-30 17:45:24 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/de720de8-3f93-44dc-a336-cbe7bb6239fd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Trojan-Spy.FormBook.26491.8044.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

masquerade packed

Link:

https://www.filescan.io/uploads/649f09341a035eeff9b39450/reports/48f43570-6707-46ec-9b38-bc7a486e10a6/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/0d5a17d3f0689e944a37bf9424e19493280b77c4014cbd3d1c491977fffdf869

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/ae9690a4-0f0c-490d-bb89-40558673990d

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1264352

Signature

.NET source code contains potential unpacker

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0d5a17d3f0689e944a37bf9424e19493280b77c4014cbd3d1c491977fffdf869/

Threat name:

ByteCode-MSIL.Trojan.Heracles

Status:

Malicious

First seen:

2023-06-28 23:10:49 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

5

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bvnbpu7qncpjisrxx6kcjymusmuaw56eafgl2pi4jemxp7757buq._file

Verdict:

malicious

Similar samples:

250572b649dbaa3e1d1cfc94579eeaed19752310c3e95b7c4105f62bc7385832

4e1e9baa83e4e1f612490a1348ba9d6aa431563ad96320705d3ea886a8ede4e9

5ebccb834beb6f0ac7b5dbfc8953da3c6a7466031da905d6716b7127b54b5c45

7c2484919615d020288017069415dfbb589b8052b22439e36707febb425d8565

7cc8ef889a24d8be46158ed9525edb3efe4b872709edfe4c565fb562271969ee

ad83447b6d362f0bae733ae90166306dcc9acb8e379f3285014b78edbe9fe916

b93b9b4b0168407f63a6c2c16a96e4a4b41d5d715bdb9f46254a214570ba1b6b

e62a32a33a570f93a15d0b1d4e8faf1ed30ea1aa15ec3e8bd9a0050cf557675d

f9c0b902d916f689dcf93a3557640741826483e3c2c3139a02605a5ec0546b29

fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505

+ 333 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230630-vfrrqsea28/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

0d5a17d3f0689e944a37bf9424e19493280b77c4014cbd3d1c491977fffdf869

MD5 hash:

0ddb686798e1232b6066a00db2b25e45

SHA1 hash:

1ec1042497fb368cf25b3be5da4ceb36c5adf4cf

Link:

https://www.unpac.me/results/96f5a6d0-1bf7-43ac-99af-194c9df8a07c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.49

Link:

https://yomi.yoroi.company/submissions/0d5a17d3f0689e944a37bf9424e19493280b77c4014cbd3d1c491977fffdf869

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample