MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18b84f5b722ab71d8ad1ccbf30cfed1e168c055fa1bf15fd922a2278a3375f75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 18b84f5b722ab71d8ad1ccbf30cfed1e168c055fa1bf15fd922a2278a3375f75
SHA3-384 hash: d544dbe26749afa8953bd6661bcc741e37c7e6dd4188bdf37f7ef6a8387f49fd5199a3bf43b7ee90e366f025924f8312
SHA1 hash: a5ce08d99cf4f2d090eb5ef3c2111b1a385d8fc5
MD5 hash: fce682b8310149159b86187d7155a30f
humanhash: fish-ceiling-early-helium
File name:fce682b8310149159b86187d7155a30f.exe
Download: download sample
File size:350'123 bytes
First seen:2022-02-24 08:57:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 56a78d55f3f7af51443e58e0ce2fb5f6 (720 x GuLoader, 451 x Formbook, 295 x Loki)
ssdeep 6144:ibE/HUBEzZrtly4ZFpLH5Bo+H0G9ImcGr3mH3XepSbaik1nW:iblEFplTpLHvo09Impr3mH3laisW
Threatray 992 similar samples on MalwareBazaar
TLSH T12C741320FB55C593C7F90130187A53FB8FB5BA7811A69B930360DE8D7D63B90A629F90
File icon (PE):PE icon
dhash icon c4dadadad2f492c2 (25 x GuLoader, 14 x RemcosRAT, 7 x AgentTesla)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
184
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/244168/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/7281/overview
Behaviour
MalwareBazaar
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/621748763b743d74eee46848/reports/bb80e18c-94d0-42dc-bbb5-bfdf0f3bc07d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e6571cce-b9d8-4710-92ff-725151f03ea4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/945649
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/18b84f5b722ab71d8ad1ccbf30cfed1e168c055fa1bf15fd922a2278a3375f75/
Threat name:
Win32.Trojan.Shelsy
Create hunting rule
Status:
Malicious
First seen:
2022-02-24 03:43:18 UTC
File Type:
PE (Exe)
Extracted files:
11
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1e91797d780199345ea85b22c70d351f59e01273c4446b3bfaee788cf0b9c91b
52ebcedc43fa6df723891a109c63a4643074595d67a279d558d177940a5a5a97
545e0ad68832f2c8806d7ff7e5c712440869cf865ca3cd88a65e80a9a51b7095
6fe5339787d8f43616b237184b590f5eddd691221bebd67f3847a9c1bb510417
704ad16ef9755c35a9f52a3cd99f8ea83a53a6f7786472b3ea458eeb9730505b
70ee73260835cf8043fa9f1e2034b4477498ee760e3de2c77f89f25d1ab906e9
785e0ff473552935ca1c597ceabab86f74a07b7ca6bfc58531a7c2fe74539853
b6a0cc1e5488c0c9f1429d1744f8c2f81f7dce4229b8322fbdad043cd9084b1f
+ 982 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220224-kwlwbadgeq/
Behaviour
Enumerates physical storage devices
Unpacked files
SH256 hash:
18b84f5b722ab71d8ad1ccbf30cfed1e168c055fa1bf15fd922a2278a3375f75
MD5 hash:
fce682b8310149159b86187d7155a30f
SHA1 hash:
a5ce08d99cf4f2d090eb5ef3c2111b1a385d8fc5
Link:
https://www.unpac.me/results/dcf1af52-41b4-4a8b-97e0-416be4efdbe6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/18b84f5b722ab71d8ad1ccbf30cfed1e168c055fa1bf15fd922a2278a3375f75

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 18b84f5b722ab71d8ad1ccbf30cfed1e168c055fa1bf15fd922a2278a3375f75

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2055590/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/244168/

Comments