MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ef0fe49cef266707c54468ea0113c06965f021ca19db32035d80007b6517c2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	1ef0fe49cef266707c54468ea0113c06965f021ca19db32035d80007b6517c2b
SHA3-384 hash:	3927c3784d7e99605417d5619e3576a2641663eea13066465483ee82896c83bcdba6178864fb7e997db076a91d7cee37
SHA1 hash:	b322e09d207866ae22a7d4bc48ded08fee80ecb6
MD5 hash:	8f1b80307513713a13b552f09c84c059
humanhash:	kitten-johnny-leopard-harry
File name:	8f1b80307513713a13b552f09c84c059.exe
Download:	download sample
File size:	12'239'360 bytes
First seen:	2023-02-13 14:47:42 UTC
Last seen:	2023-02-13 16:35:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4669d3101b93c0434b0a4ff67f74e387
ssdeep	196608:eR+IUT6ycTZrIEW04lHPan1bOWBIf05Zzk+cG1V7CWKW3j5eAb3QaNwTV/Z6jo1:ZJcTp9AHPILIf05hj9n7vv39eAb3QRTB
Threatray	21 similar samples on MalwareBazaar
TLSH	T173C623D115A51690E4EB4720718B17AEB4A1BF9C92FC4D0C7DE14C022F45EBE368B6EB
TrID	38.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 15.6% (.ICL) Windows Icons Library (generic) (2059/9) 15.4% (.EXE) OS/2 Executable (generic) (2029/13) 15.2% (.EXE) Generic Win/DOS Executable (2002/3) 15.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

199

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

8f1b80307513713a13b552f09c84c059.exe

Verdict:

Malicious activity

Analysis date:

2023-02-13 15:06:13 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/42c46e14-2af2-4429-aa5a-e72bfdd121e7

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/365103/

Detection(s):

SecuriteInfo.com.Win64.TrojanX-gen.23748.27199.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file

Verdict:

No Threat

Threat level:

2/10

Confidence:

67%

Tags:

packed

Link:

https://www.filescan.io/uploads/63ea4da5ab3d35df24c43242/reports/4afa3441-4b82-4df1-b316-a2f905193863/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/1ef0fe49cef266707c54468ea0113c06965f021ca19db32035d80007b6517c2b

Result

Verdict:

MALICIOUS

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/52d5bb3b-8f40-4e97-b5ff-1b5d7af2739e

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1173781

Signature

Antivirus detection for dropped file

Creates autostart registry keys with suspicious names

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1ef0fe49cef266707c54468ea0113c06965f021ca19db32035d80007b6517c2b/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-02-13 01:58:10 UTC

File Type:

PE+ (Exe)

AV detection:

12 of 38 (31.58%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=d3yp4soo6jtha7cui2hkaej4a2lf6aq4ugo3gibv3aaapnsrpqvq._file

Verdict:

unknown

58591d220d48fbc565054766db000c1d14250a02c160bfe86370877441e5d2da

61f1a2d39b49ded2ad9e84f9826a33c20e8f35e11ecc43d3eac4e076d6d33caf

804826c7da65f0ef6aba984fc65cd2e701f4d26ef52fedd3dcea5808c4c70542

90e7c78ca1612b6f6e0f2c25e00e4c73e9df86936a243a03a488a3b155334eea

b461d9bfbeae78742a553e7256a7714c5b24f99f032e3f3779b31c3af2458807

b7e70119bad5c9fcd84035b4b9064911f45f0e95a2ec4a84b0ee10105d541055

c7d11c958c790562daf2522a05d7ba39e0c013e810f51ff2013af571d9394679

e5af161ed00bec735dd830bdd0eb3d57aa0df83d75d85684bd5796fbc6565d66

+ 11 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

persistence

Link:

https://tria.ge/reports/230213-r6e9vadh54/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Adds Run key to start application

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Unpacked files

SH256 hash:

1ef0fe49cef266707c54468ea0113c06965f021ca19db32035d80007b6517c2b

MD5 hash:

8f1b80307513713a13b552f09c84c059

SHA1 hash:

b322e09d207866ae22a7d4bc48ded08fee80ecb6

Link:

https://www.unpac.me/results/36561500-1105-4c05-9725-f186a3c9f0fa/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.31

Link:

https://yomi.yoroi.company/submissions/1ef0fe49cef266707c54468ea0113c06965f021ca19db32035d80007b6517c2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 1ef0fe49cef266707c54468ea0113c06965f021ca19db32035d80007b6517c2b

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2469977/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/365103/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample