MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10e88136772dbfd06291669894490d032ab73c035f81263918ce9e151d647aa3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 10e88136772dbfd06291669894490d032ab73c035f81263918ce9e151d647aa3
SHA3-384 hash: ac56c85263be63bfa87d6a7fb2f4729a318bd80de10906e47d15df02dd7df1d6cb6ea5acb356b9bf9badc3391b78bf89
SHA1 hash: 8a04119b555a9e31af0f86b7e24617f69962189a
MD5 hash: 5d57b0d5c0d1d3bcf26f979df9b6e5b7
humanhash: lion-thirteen-india-yellow
File name:file
Download: download sample
File size:2'908'507 bytes
First seen:2023-12-09 20:32:15 UTC
Last seen:2023-12-09 22:43:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ba3ea0d6362a841ec66a1fc0a1b874f
ssdeep 49152:ufU8KKf4qSBTt5OXekmLALnutWZX13onekTwcGYkfRD25L14tyA6LDeQYLT+UZnP:RZqMjGcWZX1hD05ioQLfpT
TLSH T1AAD533317BCEC5FFDA421172CA9C63B440BA9396091061733F91DC1DAD2DAE1C27BA99
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10523/12/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4505/5/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter andretavare5
Tags:exe


Avatar
andretavare5
Sample downloaded from https://IOIOUOIUOUOUIYJGROUP.SBS/setup294.exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
310
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/464060/
Detection(s):
Win.Packed.Babar-10011011-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Running batch commands
Сreating synchronization primitives
Launching a process
Sending a custom TCP request
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
installer lolbin overlay packed sfx shell32
Link:
https://www.filescan.io/uploads/6574cefe3f60a810348d6f92/reports/70ab75c9-c229-4e3c-a337-b1a0e6f93c70/overview
Verdict:
Malicious
Labled as:
Babar.Generic
Link:
https://www.hybrid-analysis.com/sample/10e88136772dbfd06291669894490d032ab73c035f81263918ce9e151d647aa3
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/22fc47f4-69fe-4bf4-89ec-202aac521f48
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1357017
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1357017 Sample: file.exe Startdate: 09/12/2023 Architecture: WINDOWS Score: 68 27 Antivirus detection for dropped file 2->27 29 Multi AV Scanner detection for dropped file 2->29 31 Machine Learning detection for sample 2->31 33 2 other signatures 2->33 10 file.exe 3 2->10         started        process3 file4 25 C:\Users\user\AppData\Local\Temp\...\HRjO.CPL, PE32 10->25 dropped 13 cmd.exe 3 2 10->13         started        process5 process6 15 control.exe 1 13->15         started        17 conhost.exe 13->17         started        process7 19 rundll32.exe 15->19         started        process8 21 rundll32.exe 19->21         started        process9 23 rundll32.exe 21->23         started       
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/10e88136772dbfd06291669894490d032ab73c035f81263918ce9e151d647aa3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/10e88136772dbfd06291669894490d032ab73c035f81263918ce9e151d647aa3/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2023-12-09 20:33:06 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
16 of 23 (69.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cduicntxfw75ayurm2mjisinamvlopadl6asmoiyz2pbkhlepkrq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231209-zbtsraadcn/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
040b1fe6ea7527d7a5fe82d20a7d478b8a7825aa9689b555198603d4bc37d890
MD5 hash:
106c50d8f4ef16a8908d7d36a4469c6c
SHA1 hash:
5e46f972b2b696f29074fdb1524d95645a62d4de
Link:
https://www.unpac.me/results/1689705f-647c-4d43-81ef-0a78d37ad45d/
SH256 hash:
10e88136772dbfd06291669894490d032ab73c035f81263918ce9e151d647aa3
MD5 hash:
5d57b0d5c0d1d3bcf26f979df9b6e5b7
SHA1 hash:
8a04119b555a9e31af0f86b7e24617f69962189a
Link:
https://www.unpac.me/results/1689705f-647c-4d43-81ef-0a78d37ad45d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/10e88136772dbfd06291669894490d032ab73c035f81263918ce9e151d647aa3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2738653/
Cape
Cape
https://www.capesandbox.com/analysis/464060/
  
URLhaus
https://urlhaus.abuse.ch/url/2738682/

Comments