MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 157b6c8ad1878d8b5409de11821047963558fde4a79a2ead3923dfcc91035a6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Babadeda

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	157b6c8ad1878d8b5409de11821047963558fde4a79a2ead3923dfcc91035a6a
SHA3-384 hash:	7a4b1d2d2591f7fd9b5bf5102abeb51fd8a67103da1705be4750d9a1cd4e39944e256929be0ff7ceeee1b48666514be2
SHA1 hash:	ab298eab9b5292520a7685d170df04d0c1d02272
MD5 hash:	6020c79b4ea5aefd2838edeb8afb1756
humanhash:	table-speaker-skylark-papa
File name:	6020c79b4ea5aefd2838edeb8afb1756.exe
Download:	download sample
Signature	Babadeda Create hunting rule
File size:	1'752'602 bytes
First seen:	2022-12-27 09:20:31 UTC
Last seen:	2022-12-27 10:31:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9369b8cbf820fedf4c7837b944ee2543 (8 x Babadeda, 1 x Amadey)
ssdeep	24576:WWcmFw0ThuITmtC0s6vunwVITDkQLGjSnMn/+HHbntydHXGAFXYHrM5HbREDKU92:1aCOEFDh4l2nEXGSesH69Ya+aU8bI
Threatray	55 similar samples on MalwareBazaar
TLSH	T1A98533D0C1162DAFF1A37A728ADABE9BC7A3944121071D0CBC7360C7789A3D694D1BE5
TrID	54.9% (.EXE) UPX compressed Win32 Executable (27066/9/6) 13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 9.1% (.EXE) Win32 Executable (generic) (4505/5/1) 6.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1) 4.2% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	2e2e5630adc9ce48 (12 x Babadeda)
Reporter	abuse_ch
Tags:	Babadeda exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

181

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

6020c79b4ea5aefd2838edeb8afb1756.exe

Verdict:

Suspicious activity

Analysis date:

2022-12-27 09:25:44 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/69d8de10-1cba-49d4-a3d5-0b7a3957d6d1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

PUA.Win.Packer.UpxProtector-1

PUA.Win.Adware.Dealply-6619273-0

PUA.Win.Adware.Dealply-6888374-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Searching for synchronization primitives

Delayed reading of the file

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

greyware overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/63aab90706f34cc0fa524729/reports/18086573-d681-467b-9040-86e144b7c3c4/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a4449484-d776-4857-b554-0e2d2bd93456

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1141478

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/157b6c8ad1878d8b5409de11821047963558fde4a79a2ead3923dfcc91035a6a/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cv5wzcwrq6gywvaj3yiyeechsy2vr7peu6nc5ljzepp4zeidljva._file

Verdict:

unknown

Similar samples:

06089228420b587517a8674d586b6a2880b939d15775ca8e0a64c4364daadeed

1a98be3c94ae7a5f690fbed35341b989b8a28132f59784bb68ec91a1c850666d

37056d95d8a40efef2409cc81894bb294a063a51ab152401f4dab83817b11013

3faabdca1f4040c7f6038c8532542316562b4c8febe4f4a2b2671dbe103305bd

46e406fe4b978a36a98282420eed3c40ddb1c3818575015f9980597e770513d3

925b2a6cffe8f4835e1fd4db52b33a863adc953be537638be28462c82389e9e0

a6d25755fa8924d8df0ccbf885516f13ab602bae86462388cc146e8e5191cece

e6cc9c8fdeb23608fb3566df3fb8ada07aac8a9fc5e333303fdb3db730a5b5e8

eb67f3f67c1959e1921e8f4837d96cbb71c0063e4eadfe5260c90e0c4f477c84

+ 45 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/221227-lbc84shg71/

Behaviour

UPX packed file

Unpacked files

SH256 hash:

e092f68d607301cc6e8c447b0fe7b901dc54fb58fa483c4860bff67fda7e5e56

MD5 hash:

080ea2ccbf67aecb9f676633c6c31d54

SHA1 hash:

c33f20939e20c6f2189c254b21d39cea242acf9b

Link:

https://www.unpac.me/results/adc17c48-bc70-441c-ae9e-e06715351348/

SH256 hash:

157b6c8ad1878d8b5409de11821047963558fde4a79a2ead3923dfcc91035a6a

MD5 hash:

6020c79b4ea5aefd2838edeb8afb1756

SHA1 hash:

ab298eab9b5292520a7685d170df04d0c1d02272

Link:

https://www.unpac.me/results/adc17c48-bc70-441c-ae9e-e06715351348/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.08

Link:

https://yomi.yoroi.company/submissions/157b6c8ad1878d8b5409de11821047963558fde4a79a2ead3923dfcc91035a6a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 157b6c8ad1878d8b5409de11821047963558fde4a79a2ead3923dfcc91035a6a

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2423779/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample