MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f929055fe65b564a64b56dddba8708f46ddb3e1882ca5224ce62483f86837d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0f929055fe65b564a64b56dddba8708f46ddb3e1882ca5224ce62483f86837d8
SHA3-384 hash: 14abced2a9135d03d79156dc45f080d97c97bdf781ce66f01cb73b44183ec5ac9d049d3cfaaf050bd40207b315383405
SHA1 hash: 2264a4a2916075e8bfad12c53c5d66d4dba2650f
MD5 hash: 8bdf2384d84eeb24105ff2a853d08af4
humanhash: batman-vegan-vegan-king
File name:8bdf2384d84eeb24105ff2a853d08af4.exe
Download: download sample
File size:58'376 bytes
First seen:2020-12-18 07:51:55 UTC
Last seen:2020-12-18 09:59:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'652 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 768:Od59sSeyUYggiKw+Qb9gJREd6Gflv2NNUf2hH:OdjVcgiKjQbI7Ufi
Threatray 17 similar samples on MalwareBazaar
TLSH DA4321D0AEF8465BC42EF73812D93802BF764D642A35CA5F4632346369D33856EDA40F
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://mute-saga-0240.lovesick.jp/OSW.exe
Verdict:
Malicious activity
Analysis date:
2020-12-17 07:43:13 UTC
Tags:
loader
Link:
https://app.any.run/tasks/82701acc-9275-414d-9955-8865fc5c14cf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108320/
Detection(s):
SecuriteInfo.com.Trojan.DownloaderNET.106.14729.21379.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Launching a process
DNS request
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/566031
Signature
Connects to a pastebin service (likely for C&C)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 332094 Sample: PhjUYQe2gP.exe Startdate: 18/12/2020 Architecture: WINDOWS Score: 52 23 Multi AV Scanner detection for submitted file 2->23 25 Connects to a pastebin service (likely for C&C) 2->25 7 PhjUYQe2gP.exe 15 3 2->7         started        process3 dnsIp4 21 hastebin.com 104.24.127.89, 443, 49707 CLOUDFLARENETUS United States 7->21 10 WerFault.exe 20 9 7->10         started        13 cmd.exe 1 7->13         started        process5 file6 19 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 10->19 dropped 15 conhost.exe 13->15         started        17 timeout.exe 1 13->17         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0f929055fe65b564a64b56dddba8708f46ddb3e1882ca5224ce62483f86837d8/
Threat name:
ByteCode-MSIL.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-12-17 15:54:05 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0c6dbb5a8b9e0e7189b201b4387c4d23f2eec78a1b8c66834fc51a10b9f992f9
29eb1cc47e1691ce931b66a745b10f88dff84fbdd8b8ec7b407137c362a9154f
320592aa53514c7fd425f4c691e4be802ca964955d5a6fdd960a8725c36737b4
8bb625e15877474a379c52910cf7741a3b356416f89c019456d740aae69aea33
9cef44491d14577c5041187e34b13b784c7f26ab95ead4db16081e8c3d9c8a1d
af1ce5c2a758843b6812b25d3f7646fe186575c7b06510cf8fdbcbe1f827c0c9
b720bb099278eb3112fab7c425fcc3f967b9b4e62ecdd114004d524831300d2e
e3c342be37ab6f49260bc36cec49561b08479b1a577ec2df7b634caffd585d96
f98cf2cf8e955de4ec84861e17cb41ea86226286ffe733633e3dfda5344bae32
fb25872744b711f6c9290d7ce2d3cf371e89c9919c8d77786ab528e47034d0e3
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201218-bvlenkqgan/
Behaviour
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
0f929055fe65b564a64b56dddba8708f46ddb3e1882ca5224ce62483f86837d8
MD5 hash:
8bdf2384d84eeb24105ff2a853d08af4
SHA1 hash:
2264a4a2916075e8bfad12c53c5d66d4dba2650f
Link:
https://www.unpac.me/results/5693fbd6-f270-4ac6-8e30-8cc289d3d610/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Backdoor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0f929055fe65b564a64b56dddba8708f46ddb3e1882ca5224ce62483f86837d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 0f929055fe65b564a64b56dddba8708f46ddb3e1882ca5224ce62483f86837d8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/923307/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/108320/

Comments