MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e1910e710d721ff5b3eb050c47d963aac56df963ad2fbb5ff9decb47ce5e8b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e1910e710d721ff5b3eb050c47d963aac56df963ad2fbb5ff9decb47ce5e8b1
SHA3-384 hash: fd5e8a43104d738e6a569aaa55d5b383320e814b8416ec7555dfbcefcce3c5ccc8eb02719a849cdce7429f8cd1baa041
SHA1 hash: ab9943b2fca662209a2bf9359da868743865a56d
MD5 hash: 929e7877c3677f71542c41e17d27de1d
humanhash: utah-mockingbird-beryllium-wyoming
File name:overd0se loader.exe
Download: download sample
File size:3'138'560 bytes
First seen:2021-09-08 22:20:05 UTC
Last seen:2021-09-08 23:19:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2e5467cba76f44a088d39f78c5e807b6 (131 x DCRat, 112 x njrat, 79 x RedLineStealer)
ssdeep 49152:A/sFAjbFdEAfv+3iXJNiNbJ4MT6qsZ1c4kauf7wBL+c6+9IhyVsD14M5hvescy31:A/sY2Azf8do/cqlKcChyVsx4cvescy33
Threatray 11 similar samples on MalwareBazaar
TLSH T11CE53319B979E046F4B49CFA05D9CAFB3952CF406F18C491B72928856F76B482BDC8CC
dhash icon 4555717151516541
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
overd0se loader.exe
Verdict:
Malicious activity
Analysis date:
2021-09-08 21:05:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/133c7113-c863-4da5-8d08-b7d91cedb0a4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186452/
Detection(s):
PUA.Win.Packer.EnigmaProtector-9852682-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5197d56d-42b5-45c8-9940-5419776bac70
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/847716
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Tries to evade analysis by execution special instruction which cause usermode exception
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1e1910e710d721ff5b3eb050c47d963aac56df963ad2fbb5ff9decb47ce5e8b1/
Threat name:
Win32.PUA.Wacapew
Create hunting rule
Status:
Malicious
First seen:
2021-09-06 14:00:03 UTC
File Type:
PE (Exe)
Extracted files:
12
AV detection:
12 of 45 (26.67%)
Threat level:
  1/5
Verdict:
suspicious
Similar samples:
0dece9fdaaf9fca84d4ea64f94e789ee03a7a7e663d138327c662c4fc23aa2bb
37d2577e213a70576f2c33b0a22562a4044fd7a8ec07f295148e39e0b7cdb83a
41c2bbd61ad11d1fd1e1c8771edd92d1ab5df475c65764c2c5153f6afef84894
5fc42d8d65da12afe624f5b959b3318a808fe18640d497fa5ed7530748e7935a
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
9bf25f26d20ce89c9a218af61f322f35c79454848f61ad7d72f04ea2c6f33825
be08ab1ce25fee08933f9538121460516ae66f5cd881dd06613c0d7c8882e7e0
f4901daf97516f9a9b54233dd81810398de07db40d47072f37d90b4225387fd2
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210908-18385afbe5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
1e1910e710d721ff5b3eb050c47d963aac56df963ad2fbb5ff9decb47ce5e8b1
MD5 hash:
929e7877c3677f71542c41e17d27de1d
SHA1 hash:
ab9943b2fca662209a2bf9359da868743865a56d
Link:
https://www.unpac.me/results/26acd284-0272-40cc-830c-7f697761723c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.62
Link:
https://yomi.yoroi.company/submissions/1e1910e710d721ff5b3eb050c47d963aac56df963ad2fbb5ff9decb47ce5e8b1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/186452/

Comments