MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19f221e3d5d01b6f9d55d2effc6922902fe43f4efcdedcba5e2d8dd836f55eca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19f221e3d5d01b6f9d55d2effc6922902fe43f4efcdedcba5e2d8dd836f55eca
SHA3-384 hash: 0f173698d2e1895b4cbb82c8c1958a843306466692d0ba1a9fbdd8cf33930a5e67ef7e7ea6e3cc79187c0081f8972de4
SHA1 hash: 0d3c1e6d577af490de256a6fe2dd01ead083f9ee
MD5 hash: fca1141b7d9f719073f85de29a883a8c
humanhash: hamper-spring-zebra-kilo
File name:ArkBox loader.exe
Download: download sample
File size:4'026'880 bytes
First seen:2021-11-28 09:05:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 98304:ffvp6XxDskxMTU5kY+yiPGMCh2tbX9JnPgLUpp2Wc:fghH9r+ypMi2DJYQR
Threatray 1'778 similar samples on MalwareBazaar
TLSH T13C16129D3274798EC463DC7D9A85ECF4AE506D36831B410394E30E9BBADE896DF110E2
File icon (PE):PE icon
dhash icon 72b09096a6949218
Reporter tech_skeech
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
168
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ArkBox loader.exe
Verdict:
No threats detected
Analysis date:
2021-11-28 09:08:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/493fed3b-7d43-4f21-a8ae-cfddd100fc58

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Сreating synchronization primitives
Sending an HTTP GET request
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/61a3467ec4c53141481fe08f/reports/5dca3d4f-9b74-4feb-b258-1572e8732ff6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f38d4407-a284-497f-9d39-fcf589fe90c1
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/897324
Signature
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/19f221e3d5d01b6f9d55d2effc6922902fe43f4efcdedcba5e2d8dd836f55eca/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-27 18:20:00 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
11
AV detection:
17 of 28 (60.71%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
477e132d01be6d0173535f7dca9b686ec765caccb85a12ed8ad8e4afe81d98a3
55f1305bad8076d3c22ce42ca8e8383b04e4463cbcbd6b8d846422cbd2317a05
7148bb41fee90f24843a31006add5c84e658ccc3583149c0b2b01d6b69aaeaca
7afee7db42c479f35a2b5ca2bd9603342016b3a0f73ebf3bd2e9f6ca41adf2b2
7fc3016705992d80a983c5de4cf83c1c75b3aae80c23eb00b7563cd97116181e
a26f73bdf4e245179dc1920119de2dc3b64a24f36e14ba324eba469e066bdc93
b9f69c00382263ef01dae610684fd189f82b2502b0175819362bb339b7f3878f
c87e6397cfee421392ddb68a814bc6370ff72ab3d32606ec147d66b8ed70db50
df1534cde336da3669ca6a0fc274df68ab3b76d03eb35223f3916692ede16ca2
e64cc16a4434a1db6a4d0d5bad1d22f8436a97b2c0309de90922495f6d925ed4
+ 1'768 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/211128-k2rzhsghen/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
19f221e3d5d01b6f9d55d2effc6922902fe43f4efcdedcba5e2d8dd836f55eca
MD5 hash:
fca1141b7d9f719073f85de29a883a8c
SHA1 hash:
0d3c1e6d577af490de256a6fe2dd01ead083f9ee
Link:
https://www.unpac.me/results/1d5e8a8a-5f8c-43c9-b908-25abff088584/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.75
Link:
https://yomi.yoroi.company/submissions/19f221e3d5d01b6f9d55d2effc6922902fe43f4efcdedcba5e2d8dd836f55eca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 19f221e3d5d01b6f9d55d2effc6922902fe43f4efcdedcba5e2d8dd836f55eca

(this sample)

  
Delivery method
Distributed via web download

Comments