MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e6860a8ce361236ec4bff327266a53152fe642e30bc076cada2d8ec9c1fa3c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 11

SHA256 hash: 0e6860a8ce361236ec4bff327266a53152fe642e30bc076cada2d8ec9c1fa3c1
SHA3-384 hash: d411b254688e66f405e04dd8fe091a4b211b0688739598f6dc2a0dca74be48afa9f2a1c5d73fec0adcc8ac83a3d04a28
SHA1 hash: 4481d1cdb623fd775cb342f27c44305018bbe746
MD5 hash: a6d90369d389bb04cf4619cd820b8210
humanhash: king-vegan-alabama-ten
File name: a6d90369d389bb04cf4619cd820b8210
File size: 850'496 bytes
First seen: 2022-01-31 02:25:14 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 616a74cc49697a109c9099edcedf2191
ssdeep: 12288:7KpVlP6EG8S6fIPFljN0UEeR/8IQypUPRsxgxzZRUbxRpv52uomj7m0:2mnD8zIQypmRsCzZ+Rpv5em3v
Threatray: 1 similar samples on MalwareBazaar
TLSH: T112055B122AA9FCE9C1F91172677B9BC5632DAEA01367D1CB53D03619683C2E33E35712
dhash icon: 00d8d8c8c8e02440
Reporter: zbetcheckin
Tags: 32 exe signed

Code Signing Certificate

Organisation: Open Box Models Limited
Issuer: Sectigo Public Code Signing CA EV R36
Algorithm: sha256WithRSAEncryption
Valid from: 2021-10-11T00:00:00Z
Valid to: 2022-10-11T23:59:59Z
Serial number: 18b141416f9a664c1ea6f6b559e5db82
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: e8fe310c9bae25ee9be8f4b832da530d7cb163d2b54755965215a08e43e82ad3
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 1
# of downloads: 180
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: a6d90369d389bb04cf4619cd820b8210
Verdict: Malicious activity
Analysis date: 2022-01-31 02:33:31 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness: n/a
Behaviour
Creating a window
Creating synchronization primitives
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file
Moving a recently created file
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file in the %temp% subdirectories
Launching a process
Searching for the window
Setting a single autorun event
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug anti-vm control.exe explorer.exe fingerprint greyware hacktool msiexec.exe overlay packed shell32.dll
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-01-29 10:39:04 UTC
File Type: PE (Exe)
Extracted files: 54
AV detection: 10 of 43 (23.26%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Launches sc.exe
Adds Run key to start application
Enumerates connected drives
Loads dropped DLL
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Unpacked files
SHA256 hash: 0e6860a8ce361236ec4bff327266a53152fe642e30bc076cada2d8ec9c1fa3c1
MD5 hash: a6d90369d389bb04cf4619cd820b8210
SHA1 hash: 4481d1cdb623fd775cb342f27c44305018bbe746
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 0e6860a8ce361236ec4bff327266a53152fe642e30bc076cada2d8ec9c1fa3c1 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2022-01-31 02:25:16 UTC

url : hxxp://openboxinstaller.s3.amazonaws.com/msi/0/1.0.0/openboxaddin.exe