MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 104926c2c937b4597ea3493bccb7683ae812ef3c62c93a8fb008cfd64e05df59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BeaverTail


Vendor detections: 5



SHA256 hash: 104926c2c937b4597ea3493bccb7683ae812ef3c62c93a8fb008cfd64e05df59
SHA3-384 hash: 46f66406676d28e633d38c04757e03c1a3b3e89bc4f6b50f316425183c4e4ef9a7b321fd226cab5b25fab157e02a0c98
SHA1 hash: 09bebfb101ba44bc6034d79ebe7bed37030abeda
MD5 hash: 8b3c5fa4d1ef167b13716d5062f26c27
humanhash: pennsylvania-massachusetts-earth-juliet
File name: sandwich_bot (1).zip
Signature BeaverTail
File size: 81'178 bytes
First seen: 2023-12-22 07:52:38 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 1536:5fAYYHvL+mEueUvte4K9U3X7CBoUK3j3GNfIJs:0PimdeuvX3rcKz3mIS
TLSH T13D8302E7449D8913CC0B453A7091E7424CBAB7B9292D5982E6CD0B867E7320EF2D6743
TrID 58.3% (.MAFF) Mozilla Archive Format (gen) (7000/1/1)
33.3% (.ZIP) ZIP compressed archive (4000/1)
8.3% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter smica83
Tags:BeaverTail Lazarus zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 145
Origin country: HU
File Archive Information

This file archive contains 12 file(s), sorted by their relevance:

File name: WETH.json
File size: 6'333 bytes
SHA256 hash: 471599fc0c017e2d06fadaf1e2ff0abc3c22f2a90fad25da790443e79f4c7456
MD5 hash: 0df76e49ed0dd598c26883aecd2f9017
MIME type: text/plain
Signature BeaverTail
File name: package.json
File size: 697 bytes
SHA256 hash: 701a09003d8e2d77e3c1399b94641e3260050c1db68d994f0df13d0c66166e71
MD5 hash: e839d826061a5938debe9faa0f0ff0e1
MIME type: application/json
Signature BeaverTail
File name: configurationU.json
File size: 49'248 bytes
SHA256 hash: 41bdaea67c7ec671716ae15938857a6a19403ec84612902884b3918c95eff7fe
MD5 hash: 3caca4967a89a0c4fb5dff79cddf5f5a
MIME type: text/plain
Signature BeaverTail
File name: uniswapV3V2.json
File size: 29'824 bytes
SHA256 hash: 86632dba110042ad070686a19e654ce629db9811ba6bafd847016a9b1d277c93
MD5 hash: f7fb4cb1e12bb252718038db4ce7fd32
MIME type: text/plain
Signature BeaverTail
File name: uniswapV3.json
File size: 16'336 bytes
SHA256 hash: 195bd86d7af2bdef0e59d147c8162cc5925fe6cc970f38ecde79608ae4e47258
MD5 hash: 9cbd94b5ec0c78f9293d0c7b9cde0233
MIME type: text/plain
Signature BeaverTail
File name: uniswapV2.json
File size: 15'707 bytes
SHA256 hash: deb5240d72a70b8446fadd2a6799d332215e103d346c8b28797fe633eae48b69
MD5 hash: 9730250820aa1fa057bda025707341d4
MIME type: text/plain
Signature BeaverTail
File name: index.html
File size: 7'209 bytes
SHA256 hash: b3000f3f8f631e7a1d635e95290373d1d29e202ca7594d5b85a27f7d07b114ad
MD5 hash: ff15aedea9de3c98583bcae807f4dea6
MIME type: text/html
Signature BeaverTail
File name: logo.png
File size: 35'417 bytes
SHA256 hash: df710edddfff14e74ec85dbfb8b27806200c1a3f7c53b52c7ef705e90b8fbfa9
MD5 hash: bccd42d50e03848f03fc31f7da6dac11
MIME type: image/png
Signature BeaverTail
File name: configurationM.json
File size: 49'711 bytes
SHA256 hash: 720a6fa5dc0a3b54e0b4717ebf3c321fb1306a7ba24a98e0f5ae85270e66a5f0
MD5 hash: f0c29f5d7f6755cfb56cd7caafa74bee
MIME type: text/plain
Signature BeaverTail
File name: bot.js
File size: 17'862 bytes
SHA256 hash: 42e7ba4dc74876211aa9e675a6046f43424044d8b66b116e05b7f152dea9a5f9
MD5 hash: f14cc3250ea6ea30594bee5c0e553d2d
MIME type: text/plain
Signature BeaverTail
File name: configurationP.json
File size: 23'693 bytes
SHA256 hash: f25e3269a6576a66ddf0d1ad2dd8f9d6a36b6579cd540da613c94eea47fe9db1
MD5 hash: 467c110c59a67ab8a8f76e4d4ad940a0
MIME type: text/plain
Signature BeaverTail
File name: configurationR.js
File size: 7'246 bytes
SHA256 hash: 9867f99a66e64f6bce0cfca18b124194a683b8e4cb0ced44f7cb09386e1b528d
MD5 hash: c8dbcacf2c4462b0465dda855db1f1fe
MIME type: text/plain
Signature BeaverTail
Vendor Threat Intelligence
Threat name: Script-JS.Trojan.BeaverTail
Status: Malicious
First seen: 2023-09-06 04:42:47 UTC
File Type: Binary (Archive)
Extracted files: 17
AV detection: 11 of 23 (47.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
