MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797
SHA3-384 hash: f4e698915ed880ce0691c108489456166af920ab386ac130e1420f22801806815f96a3a126bd98531a7bed3bb6401ef8
SHA1 hash: c4bb9ca0b75851a7cb36f5359383c33763f871c8
MD5 hash: 6fff48b0487aaff9d4a7e9032f1a9aec
humanhash: missouri-fanta-east-orange
File name:6fff48b0487aaff9d4a7e9032f1a9aec.exe
Download: download sample
File size:16'384 bytes
First seen:2024-04-02 17:22:46 UTC
Last seen:2024-05-03 18:45:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7b4aa3f51180154f434776a3c7ed1e5b
ssdeep 192:D+ACeYqeviSJDCWzvYeFqfrPwolraE/cmOPoR4y3Qkuu5LjjfO7If++7uLa3wRy:qqYqepmsvVFqf7kmOPoR4XkHoIzKfR
TLSH T1BD722810EDE08F22D4F346B864FC6796493D28599F7581FF299124B8CC716C3A936B27
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4504/4/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter smica83
Tags:exe LeprechaunHvnc

Intelligence

File Origin
# of uploads :
3
# of downloads :
336
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797.exe
Verdict:
Malicious activity
Analysis date:
2024-04-02 17:24:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/93b05644-3f4f-4684-ac86-4b243ce0cdd3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Connection attempt
Sending an HTTP GET request
Verdict:
Malicious
Labled as:
Trojan.FU.Generic
Link:
https://www.hybrid-analysis.com/sample/1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/1587dbeb-e4f5-46d1-bbe6-9c457a7bc9ae
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1418938
Signature
Antivirus / Scanner detection for submitted sample
Found stalling execution ending in API Sleep call
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-03-27 00:32:51 UTC
File Type:
PE (Exe)
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dudvhpvkxrtasyf3kkl7ipvohajimr6cui5qfmsvazdnlcx7q6lq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240402-vx44dsgc91/
Unpacked files
SH256 hash:
1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797
MD5 hash:
6fff48b0487aaff9d4a7e9032f1a9aec
SHA1 hash:
c4bb9ca0b75851a7cb36f5359383c33763f871c8
Link:
https://www.unpac.me/results/d6811a44-25d7-45da-aa80-5c31959ea587/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/naumovax/status/1775185431237206209?t=atUSN5w8QIY2qazpNcjv9A&s=19

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleA
KERNEL32.dll::WriteConsoleW
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileA
KERNEL32.dll::CreateDirectoryA
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.dll::GetUserNameW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyW
ADVAPI32.dll::RegOpenKeyW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetKeyValueA

Comments