MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10cc2de88fbbbc389b48ba140b79bfdbce43173ab2ea5f7ed79b48314802646a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 10cc2de88fbbbc389b48ba140b79bfdbce43173ab2ea5f7ed79b48314802646a
SHA3-384 hash: 8c09f73c146a602a19c87fbc836e350d156df0992e37a4b8a41e97f6c752ca083bda7a3762d6a18c84848422d66b3eb1
SHA1 hash: 8b77f5e6656230001989cc3d828aa43ce445aaac
MD5 hash: d0cc2d9d58432cf09c6aac7856f75b93
humanhash: oven-johnny-tango-kilo
File name:Nitro Generator - Linkvertise Downloader_X7-KHW1.exe
Download: download sample
File size:2'705'872 bytes
First seen:2021-11-20 22:12:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep 49152:+qe3f6atzD7+H98AHaCfu60WmHCL+WuTmuKwEt:vSiwD7E9vButWmHCK5NKXt
Threatray 179 similar samples on MalwareBazaar
TLSH T144C5D03FB2EA6D7EC47A06394572929858376E70641A8CDA07FC250DCF27460BE3B715
File icon (PE):PE icon
dhash icon f87cb68aca92c9c8 (1 x Adware.Generic, 1 x Sality)
Reporter JaffaCakes118
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Seebri - Linkvertise Downloader_JBUg-l1.exe
Verdict:
Suspicious activity
Analysis date:
2021-11-18 17:51:02 UTC
Tags:
installer
Link:
https://app.any.run/tasks/891ec143-3864-4af8-a107-abaf1caa5d00

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

PUA.Win.Packer.Pequake-4
Create hunting rule

PUA.Win.Adware.Installcore-9762655-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
virus
Link:
https://www.filescan.io/uploads/619972f0dd04e7d00e0026ca/reports/23c53076-7a07-4391-a259-8c93dbd7343b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4c549325-1870-47e0-897d-a1c029a56db1
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
30 / 100
Link:
https://www.joesandbox.com/analysis/893166
Signature
Multi AV Scanner detection for submitted file
Obfuscated command line found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 525639 Sample: Nitro Generator - Linkverti... Startdate: 20/11/2021 Architecture: WINDOWS Score: 30 90 Multi AV Scanner detection for submitted file 2->90 92 Obfuscated command line found 2->92 8 Nitro Generator - Linkvertise Downloader_X7-KHW1.exe 2 2->8         started        12 msiexec.exe 25 2->12         started        process3 file4 50 Nitro Generator - ...nloader_X7-KHW1.tmp, PE32 8->50 dropped 98 Obfuscated command line found 8->98 14 Nitro Generator - Linkvertise Downloader_X7-KHW1.tmp 9 41 8->14         started        52 C:\Windows\Installer\MSIFE81.tmp, PE32+ 12->52 dropped 54 C:\Windows\Installer\MSIFC2F.tmp, PE32+ 12->54 dropped 56 C:\Windows\Installer\MSIFA3A.tmp, PE32+ 12->56 dropped 58 16 other files (none is malicious) 12->58 dropped 18 msiexec.exe 12->18         started        20 msiexec.exe 12->20         started        signatures5 process6 dnsIp7 84 8.8.8.8 GOOGLEUS United States 14->84 86 13.224.194.156 AMAZON-02US United States 14->86 88 3 other IPs or domains 14->88 60 C:\Users\user\AppData\...\ccsetup586_slim.exe, PE32 14->60 dropped 62 C:\Users\user\AppData\...\zbShieldUtils.dll, PE32 14->62 dropped 64 C:\Users\user\AppData\Local\...\botva2.dll, PE32 14->64 dropped 66 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 14->66 dropped 22 ccsetup586_slim.exe 41 67 14->22         started        27 chrome.exe 176 14->27         started        29 msiexec.exe 1 14->29         started        68 C:\Users\user\AppData\Local\...\CloseFAH.exe, PE32 18->68 dropped 31 CloseFAH.exe 18->31         started        file8 process9 dnsIp10 76 151.101.0.64 FASTLYUS United States 22->76 78 5.62.40.203 AVAST-AS-DCCZ United Kingdom 22->78 82 3 other IPs or domains 22->82 42 C:\Users\user\AppData\Local\Temp\...\pfBL.dll, PE32 22->42 dropped 44 C:\Users\user\AppData\Local\...\nsProcess.dll, PE32 22->44 dropped 46 C:\Users\user\AppData\Local\...\inetc.dll, PE32 22->46 dropped 48 66 other files (none is malicious) 22->48 dropped 94 Query firmware table information (likely to detect VMs) 22->94 96 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 22->96 80 239.255.255.250 unknown Reserved 27->80 33 chrome.exe 27->33         started        36 chrome.exe 27->36         started        38 chrome.exe 27->38         started        40 conhost.exe 31->40         started        file11 signatures12 process13 dnsIp14 70 23.35.236.201 ZAYO-6461US United States 33->70 72 162.252.214.5 TUT-ASUS United States 33->72 74 62 other IPs or domains 33->74
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/10cc2de88fbbbc389b48ba140b79bfdbce43173ab2ea5f7ed79b48314802646a/
Threat name:
Win32.Trojan.OfferCore
Create hunting rule
Status:
Malicious
First seen:
2021-11-15 11:06:06 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
111d1529eb5320465bc09a12146b321b0f4409372a8b73048b7798904082068c
26ba40a83c4dd2e31ae8d1cd1595cc9723cad21a4ee2f7c54d422350bce7effb
6f522cc6adbe791575df40a518ba10c89cb54af0d849be0841b036b05d441fa9
a7fab8c1fc7ffc5002452f5a783f7a43b263ad302fab8d9fdd412610122f77ce
cb55e00c2fc38e06759379f12f6ab27310d6b61f27a3c510549f326afb17d0e9
d327f4e4f6c73e96c204d77355171ca6fd7b29c54b234f0bdf97398e04179edc
d62d2888067b3dab7d93cba362202c4a17c086c531949b071f9758866b4c9d6b
d8a0ad3d3b54d49dea84a6ac1d38082c5ba246d13c9060543cff213fc3dc5260
+ 169 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211120-143f2agch5/
Behaviour
Modifies system certificate store
Script User-Agent
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
8dc40627fa4c09f7fd6df78e3ad03d7db3767010e15418dba24e63754dcbc59b
MD5 hash:
74fad5c6cd2d3af1fa257b5e9531993a
SHA1 hash:
ab701031918456195cf9a12a8b33f9417a9f6496
Link:
https://www.unpac.me/results/00bc6a3e-78ac-4835-9a94-3dae5f452a46/
SH256 hash:
10cc2de88fbbbc389b48ba140b79bfdbce43173ab2ea5f7ed79b48314802646a
MD5 hash:
d0cc2d9d58432cf09c6aac7856f75b93
SHA1 hash:
8b77f5e6656230001989cc3d828aa43ce445aaac
Link:
https://www.unpac.me/results/00bc6a3e-78ac-4835-9a94-3dae5f452a46/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/10cc2de88fbbbc389b48ba140b79bfdbce43173ab2ea5f7ed79b48314802646a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 10cc2de88fbbbc389b48ba140b79bfdbce43173ab2ea5f7ed79b48314802646a

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/207826/

Comments