MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 164141bfd473324a9b7f87c4c194c0b2245167228aec970f0487e3a6566b15f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 164141bfd473324a9b7f87c4c194c0b2245167228aec970f0487e3a6566b15f5
SHA3-384 hash: 7c5fe1e94311056a6d3f89bb27e91d0402237f8c22e9959ab98c1aa4127ab674a96d449cc85460eac270ed5984bca720
SHA1 hash: 3e800675806811fd8df1d79e8ba4d061f6dae7fd
MD5 hash: 78d963ec07240b611f40681f811be52d
humanhash: lamp-magnesium-solar-bulldog
File name:50.exe
Download: download sample
File size:419'840 bytes
First seen:2021-11-19 15:00:46 UTC
Last seen:2021-11-19 17:07:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3f73c96fb1d922a30a3416f2e6ce2fd6
ssdeep 6144:K2RT/G3tLi2FwinMUFWsRROxOG8DS2TYgr6zviE+oVm7e4mVTt9ZrkQib9pIo9Dj:ZG3twiUJ0nDL67t+jGdOYo9H
Threatray 51 similar samples on MalwareBazaar
TLSH T13C94BD06A35406F9D1738174C96A590AE672781687B1CA7F03ECA67B5F372908E3BF31
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
50.exe
Verdict:
No threats detected
Analysis date:
2021-11-19 15:29:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b5bf2c4a-6408-4471-8336-71596d039254

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
SecuriteInfo.com.generic.ml.27819.22711.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6197bc3043e8f62b669a87b4/reports/6c918e19-2b3c-49b7-b7c3-039f1e3d13ff/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8939b0e8-8511-42e4-9011-97b01097a221
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/892712
Signature
Machine Learning detection for sample
Uses cmd line tools excessively to alter registry or file data
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 525185 Sample: 50.exe Startdate: 19/11/2021 Architecture: WINDOWS Score: 56 66 Machine Learning detection for sample 2->66 11 50.exe 2->11         started        13 50.exe 2->13         started        15 50.exe 2->15         started        process3 process4 17 cmd.exe 1 11->17         started        signatures5 60 Uses ping.exe to sleep 17->60 62 Uses cmd line tools excessively to alter registry or file data 17->62 64 Uses ping.exe to check the status of other devices and networks 17->64 20 50.exe 17->20         started        22 PING.EXE 1 17->22         started        25 conhost.exe 17->25         started        process6 dnsIp7 27 cmd.exe 1 20->27         started        30 cmd.exe 1 20->30         started        58 192.0.2.237 unknown Reserved 22->58 process8 signatures9 68 Uses ping.exe to sleep 27->68 32 50.exe 27->32         started        34 PING.EXE 1 27->34         started        37 conhost.exe 27->37         started        70 Uses cmd line tools excessively to alter registry or file data 30->70 39 conhost.exe 30->39         started        41 reg.exe 1 1 30->41         started        process10 dnsIp11 43 cmd.exe 1 32->43         started        46 cmd.exe 1 32->46         started        56 127.0.0.1 unknown unknown 34->56 process12 signatures13 72 Uses cmd line tools excessively to alter registry or file data 43->72 48 reg.exe 1 43->48         started        50 conhost.exe 43->50         started        52 conhost.exe 46->52         started        54 reg.exe 1 46->54         started        process14
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/164141bfd473324a9b7f87c4c194c0b2245167228aec970f0487e3a6566b15f5/
Threat name:
Win64.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2021-11-19 15:01:05 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
10 of 26 (38.46%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
100ab1a8d68493c43a477aa54948803f96a31b4c7854840a505de009d6c360a8
22e899eddfcdd250f184f10d71b117c2b6a1625847ba5c46c39ee6245afc1ef2
2a2b204b3d8df0388dd42a8fa5b7e9652f262c15b92de6ff13fec8778a6aac3f
33082f1f702c0919efd47a7c935aa3972c90f7f7419c9aa6c87492f57658d403
69c6638c277af7f94f34c6f1ea1cee9d7cf5ee7a1e8ef0d2df527f8d6a529f5f
880e2c5548284e08c44028f419a98350fa58e9f758a57f4ddb7b5d6e48fc7eb9
b24e47b63ec35e9a420b9fbb64106b2f9e6e8a18676e8c79ff2ca67af06f1291
b2a4b60dd0c7e9dfa6d88e9badad810ff74c5f42054b7af22e95fb5553d67331
b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa
e192593ff1df7a3d24cc9463fdcde0b39b49a26816da608d50960da3131e2e36
+ 41 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211119-sdwa2aaffm/
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
164141bfd473324a9b7f87c4c194c0b2245167228aec970f0487e3a6566b15f5
MD5 hash:
78d963ec07240b611f40681f811be52d
SHA1 hash:
3e800675806811fd8df1d79e8ba4d061f6dae7fd
Link:
https://www.unpac.me/results/e79a40e4-9de4-4cee-a448-98558ad7c897/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/164141bfd473/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/164141bfd473324a9b7f87c4c194c0b2245167228aec970f0487e3a6566b15f5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/207629/

Comments