MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fa41ef1fdafc8802949cc226b5ef2f8986ce09d2b26f0562b18b4a62c459609. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	0fa41ef1fdafc8802949cc226b5ef2f8986ce09d2b26f0562b18b4a62c459609
SHA3-384 hash:	a30a05b072f416caffceedd01ce3a0697ed12290951e7e75f4b9b04350971d471e08d866a17776720952a9e2840c337d
SHA1 hash:	caf056a08abe9dc8dc63ccb93609ad811c248937
MD5 hash:	9d3b27b3a999b235deceb897431d9cad
humanhash:	hot-pluto-carpet-sweet
File name:	file.exe
Download:	download sample
File size:	1'984'192 bytes
First seen:	2022-09-20 03:46:05 UTC
Last seen:	2022-09-20 04:53:45 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e569e6f445d32ba23766ad67d1e3787f (259 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep	24576:u7FUDowAyrTVE3U5FmqT7z1klhAhH6m5x7awFhJdNo69lOy7KTijlA:uBuZrEUL3ilhAZv55DdN7POGjG
Threatray	345 similar samples on MalwareBazaar
TLSH	T10795C03FF268A53EC46A1B3245B38220997BBA61781A8C1F47FC344DCF765601E3B656
TrID	49.7% (.EXE) Inno Setup installer (109740/4/30) 19.5% (.EXE) InstallShield setup (43053/19/16) 18.8% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 4.7% (.EXE) Win64 Executable (generic) (10523/12/4) 2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	5050d270cccc82ae (109 x Adware.Generic, 43 x LummaStealer, 42 x OffLoader)
Reporter	1ZRR4H
Tags:	Digital Robin Limited exe signed

Code Signing Certificate

Organisation:	Digital Robin Limited
Issuer:	Certum Extended Validation Code Signing 2021 CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-09-14T16:00:18Z
Valid to:	2023-09-14T16:00:17Z
Serial number:	1b248c8508042d36bbd5d92d189c61d8
Intelligence:	8 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	83cff3bcec5e1b36c3ec317f4c6a2022716be3054ba747f0d5ebd82883eb6974
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

247

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file.exe

Verdict:

Malicious activity

Analysis date:

2022-09-20 03:48:34 UTC

Tags:

installer

Link:

https://app.any.run/tasks/20b352aa-700b-4a8b-b4e0-b1594a06c3df

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/311500/

Detection(s):

PUA.Win.Packer.Exe-6

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for synchronization primitives

Searching for the window

Creating a file in the system32 subdirectories

Creating a file

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/38199/overview

Behaviour

MalwareBazaar

CheckNumberOfProcessor

CheckCmdLine

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

80%

Tags:

emotet overlay packed setupapi.dll shell32.dll

Link:

https://www.filescan.io/uploads/632938313976776965343352/reports/adb9abb3-f01b-49d9-a1b5-fc6e726c0a3b/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/1ea6690e-306a-4787-8a86-30b8d26c5eb1

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

54 / 100

Link:

https://www.joesandbox.com/analysis/1073362

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Obfuscated command line found

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0fa41ef1fdafc8802949cc226b5ef2f8986ce09d2b26f0562b18b4a62c459609/

Threat name:

Win32.Trojan.Tiggre

Status:

Malicious

First seen:

2022-09-19 22:56:41 UTC

File Type:

PE (Exe)

AV detection:

21 of 26 (80.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=b6sb54p5v7eiakkjzqrgwxxs7cmgzye5fmtpavrldc2kmlcfsyeq._file

Verdict:

malicious

11a7b5537ad0eebf531ae247203c2d8646f1bbcfcb95b195efa385429c4e2241

2009b71b6184f9e235d604b7b6e4afb7021453ceb3f35631edba7c6be3d729d8

43ce35a2995cbd1d746f3b5028a07a4e153d40834567ec0576540f06f4dadbd8

64876237acae65667fe8f7ab3ffb01c5674249fa72645e95402e53202b988ea3

802d22bf67b8513307c580f5eab0c07434f0791aa451a47dc261681ab0ddfd29

b91fa9a1d21c823b0a974570af93cc88234eaafb4126909abfe4cac36a91b0c9

b9c3dd797d2a590da62c4824d658ad8decf1ed1ffa77bfaa47f3f12966757a0d

+ 335 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220920-eb7pdsbhd2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Program crash

Drops file in Program Files directory

Suspicious use of SetThreadContext

Checks computer location settings

Loads dropped DLL

Unexpected DNS network traffic destination

Executes dropped EXE

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/c26e08e1-4782-47a0-acc1-1535e04c24f9

Unpacked files

SH256 hash:

e5baf5a1e14b0f68d081229b58ce8bfa801c44b5e5b5594e97c9f2afd1c09774

MD5 hash:

8d8fd1659f849423be711d3914ef37a7

SHA1 hash:

d857ffaee49edab424832d4cad41562e8b52f5ab

Link:

https://www.unpac.me/results/ca0be3e2-a97d-42ea-9220-454bc31806ec/

SH256 hash:

f49aefb68a1e66c0b6454e9ce51430229f68e8c644dd2de60def4029f204978f

MD5 hash:

e8bbd5425ac1507a72fad12f513135d0

SHA1 hash:

6700c181e93d7787df9bd930dc37bcc1c29306c7

Link:

https://www.unpac.me/results/ca0be3e2-a97d-42ea-9220-454bc31806ec/

SH256 hash:

0fa41ef1fdafc8802949cc226b5ef2f8986ce09d2b26f0562b18b4a62c459609

MD5 hash:

9d3b27b3a999b235deceb897431d9cad

SHA1 hash:

caf056a08abe9dc8dc63ccb93609ad811c248937

Link:

https://www.unpac.me/results/ca0be3e2-a97d-42ea-9220-454bc31806ec/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/0fa41ef1fdafc8802949cc226b5ef2f8986ce09d2b26f0562b18b4a62c459609

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/311500/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample