MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e154fb1ed3dd25937cc87ad22e2ba345fad2fdc6f052deb1636cd369998cad5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e154fb1ed3dd25937cc87ad22e2ba345fad2fdc6f052deb1636cd369998cad5
SHA3-384 hash: b06d1d8ed75dec8f7f1400be2e89166610aeff5c62ef23dcd602a057bcc6fdeebdf2431f249936fba4ec41b53a8f8711
SHA1 hash: 0dabcc90b91fdba99d23ca40aa6e3e7515229f20
MD5 hash: b309c880828d41ec2aff57196e39745d
humanhash: pennsylvania-november-pasta-sierra
File name:b309c880828d41ec2aff57196e39745d.dll
Download: download sample
File size:1'277'361 bytes
First seen:2022-01-26 15:33:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:Ca1QHwgJMrQqj/wAc6QORNx2nAjwkaUm0GV9igWQlnwXwBwfaljN1X4GtZ+FdnZw:wnEKFj
TLSH T1A245EF43180C819F9867D76421671D97EEF87E47F2C84E2ED1E428B84AEBDA674C604F
Reporter abuse_ch
Tags:dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b309c880828d41ec2aff57196e39745d.dll
Verdict:
No threats detected
Analysis date:
2022-01-27 00:04:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8c7ed63e-7294-461c-a08d-3e2801df0667

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/223455/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/61f16a4159d130b02a53ef4c/reports/ba78b587-f373-407e-955c-8bd1698731ca/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/66cfea4b-3e49-4eed-9de6-5584858f7140
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/928089
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1e154fb1ed3dd25937cc87ad22e2ba345fad2fdc6f052deb1636cd369998cad5/
Threat name:
ByteCode-MSIL.Trojan.Phonzy
Create hunting rule
Status:
Malicious
First seen:
2022-01-26 15:34:17 UTC
File Type:
PE+ (Dll)
AV detection:
8 of 43 (18.60%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220126-s1kstaeehq/
Unpacked files
SH256 hash:
1e154fb1ed3dd25937cc87ad22e2ba345fad2fdc6f052deb1636cd369998cad5
MD5 hash:
b309c880828d41ec2aff57196e39745d
SHA1 hash:
0dabcc90b91fdba99d23ca40aa6e3e7515229f20
Link:
https://www.unpac.me/results/ecf07d4b-9e0d-4578-aedb-1e7c3fa252ba/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1e154fb1ed3dd25937cc87ad22e2ba345fad2fdc6f052deb1636cd369998cad5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1e154fb1ed3dd25937cc87ad22e2ba345fad2fdc6f052deb1636cd369998cad5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1974505/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/223455/

Comments