MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11b785e77cbfa2d3849575cdfabd85d41bae3f2e0d33a77e7e2c46a45732d6e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11b785e77cbfa2d3849575cdfabd85d41bae3f2e0d33a77e7e2c46a45732d6e4
SHA3-384 hash: dc5508e17253049eec7faf6489e5a4516306c1ab89c3e32411b93b487e8af7c93c4d43bac792213367d4bc16704762c4
SHA1 hash: 6532060786346311b5da37d3fc24568bf3829400
MD5 hash: 9e31bdb66061e7cd6504c029c4336a18
humanhash: lamp-salami-fifteen-uniform
File name:11b785e77cbfa2d3849575cdfabd85d41bae3f2e0d33a77e7e2c46a45732d6e4
Download: download sample
File size:275'200 bytes
First seen:2021-07-12 07:12:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 11c53db08acbf381e6464eff0779c2c6
ssdeep 6144:cYqO+AUWePiNMmm1rJf7A/Kt4ZLG9RrohOweHI:9F+rWgxlfHSSDo7
Threatray 29 similar samples on MalwareBazaar
TLSH T143446C55B3A50CF9E8738139C8524506E6B278460771DBFF03A49766EF236D09D3EB21
Reporter JAMESWT_WT
Tags:BIOPASS exe signed

Code Signing Certificate

Organisation:Happytuk Co.,Ltd.
Issuer:Symantec Class 3 SHA256 Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:2018-09-06T00:00:00Z
Valid to:2021-10-05T23:59:59Z
Serial number: 0ed4df1033393ff2af41c571a6aa19d7
Intelligence: 6 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: f78de1e59df2eac7901d4fa7d66e9818204a5c4c9b630bb2ff9439c2dea8b5b5
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
11b785e77cbfa2d3849575cdfabd85d41bae3f2e0d33a77e7e2c46a45732d6e4
Verdict:
No threats detected
Analysis date:
2021-07-12 07:59:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/694a49ff-fc88-4fe4-adb9-8933ca9eec54

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170968/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46174078.489.4433.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1dfa65ef-0c5c-4f6e-9530-eb7635cc2fd6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/814586
Signature
Antivirus / Scanner detection for submitted sample
Contain functionality to detect virtual machines
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/11b785e77cbfa2d3849575cdfabd85d41bae3f2e0d33a77e7e2c46a45732d6e4/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-04-25 17:00:49 UTC
File Type:
PE+ (Exe)
AV detection:
15 of 46 (32.61%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
02efd5f4d8dedabeab8e75f3e49a8fdb05c28dfd39bc1e5c96e8213fe3212e9f
14bdf9b3bcb10c51b8dc10275ced93259dbf62ce31331ab3ccf6e5317d7a3cf5
31c7527f79e0dd898ed7e05ea74e093f800c02a142d2d3a68a8dcdc3ea601ed6
3a226a3d31e8ba855fbc78efb76f820306f4f60e979333b241c7dadd70a5740d
60755909e216dc65f11b7b49ae73ad3e08cb1c5e4255916ea195dbd896f3ae73
9d0cc73772d79a0561d03db4e6aca9fad9b125afbbc7f2b4f7f3df25eeed56a0
ca4b4b00239f166e04f394e397ce99d74129ca1917b8f95a92b8c722c9991832
d2eee2fa771e54c1a44cfc4d40eef50be4776a25987b72633f7b91faf2302092
dddf1d1b2b58721f04fe1eb77804d02fb5fc14deca7d8b4f6a9ce3c55644090e
f74f5eb8416d9522e703877e104ac7923cc3efeedaa1138b6221726b0d359096
+ 19 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210712-jtgtf9naka/
Unpacked files
SH256 hash:
11b785e77cbfa2d3849575cdfabd85d41bae3f2e0d33a77e7e2c46a45732d6e4
MD5 hash:
9e31bdb66061e7cd6504c029c4336a18
SHA1 hash:
6532060786346311b5da37d3fc24568bf3829400
Link:
https://www.unpac.me/results/f6d04657-b126-4121-a75b-338d9c5d6d06/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.52
Link:
https://yomi.yoroi.company/submissions/11b785e77cbfa2d3849575cdfabd85d41bae3f2e0d33a77e7e2c46a45732d6e4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/170968/

Comments