MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2009b71b6184f9e235d604b7b6e4afb7021453ceb3f35631edba7c6be3d729d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	2009b71b6184f9e235d604b7b6e4afb7021453ceb3f35631edba7c6be3d729d8
SHA3-384 hash:	cd09012d5bef54a0d53ded74891c74736e165a4157c126c89cf2d7637a352cf2e9c8ba22b562ac6a2e4c8cc8190fb096
SHA1 hash:	a7745b9f6e8d1376107a10208fd93f154623a015
MD5 hash:	c277b4a70743041f28445f57129a9927
humanhash:	lithium-bravo-paris-maryland
File name:	arg_rar.exe
Download:	download sample
File size:	1'984'064 bytes
First seen:	2022-09-20 03:45:56 UTC
Last seen:	2022-09-20 04:54:02 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e569e6f445d32ba23766ad67d1e3787f (259 x Adware.Generic, 41 x RecordBreaker, 24 x RedLineStealer)
ssdeep	24576:97FUDowAyrTVE3U5Fm2T7WZVoA/dKTC7ro5x7awFhJdNo69lOy7KTijlY:9BuZrEUnCZ2A/ETS055DdN7POGjS
Threatray	345 similar samples on MalwareBazaar
TLSH	T1EB95D03FF268A13EC5AA1B3205B39220997B7A61781A8C1F47FC344DCF765601E3B656
TrID	49.7% (.EXE) Inno Setup installer (109740/4/30) 19.5% (.EXE) InstallShield setup (43053/19/16) 18.8% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 4.7% (.EXE) Win64 Executable (generic) (10523/12/4) 2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	5050d270cccc82ae (109 x Adware.Generic, 43 x LummaStealer, 42 x OffLoader)
Reporter	1ZRR4H
Tags:	Digital Robin Limited exe signed

Code Signing Certificate

Organisation:	Digital Robin Limited
Issuer:	Certum Extended Validation Code Signing 2021 CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-09-14T16:00:18Z
Valid to:	2023-09-14T16:00:17Z
Serial number:	1b248c8508042d36bbd5d92d189c61d8
Intelligence:	8 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	83cff3bcec5e1b36c3ec317f4c6a2022716be3054ba747f0d5ebd82883eb6974
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

243

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

arg_rar.exe

Verdict:

Malicious activity

Analysis date:

2022-09-20 03:48:34 UTC

Tags:

installer

Link:

https://app.any.run/tasks/c7c75138-f352-4b7d-b8fc-d7f653949184

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/311499/

Detection(s):

PUA.Win.Packer.Exe-6

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for synchronization primitives

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/38198/overview

Behaviour

MalwareBazaar

CheckNumberOfProcessor

CheckCmdLine

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed setupapi.dll shell32.dll

Link:

https://www.filescan.io/uploads/6329377f39767769653431b9/reports/ab52ee49-73c8-4bad-bcc0-76ef7eab0040/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/1bb1514e-b1b5-4bee-a0a5-afb414d8170c

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

54 / 100

Link:

https://www.joesandbox.com/analysis/1073361

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Obfuscated command line found

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2009b71b6184f9e235d604b7b6e4afb7021453ceb3f35631edba7c6be3d729d8/

Threat name:

Win32.Downloader.Satacom

Status:

Malicious

First seen:

2022-09-19 17:19:50 UTC

File Type:

PE (Exe)

AV detection:

23 of 39 (58.97%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=eae3og3bqt46enowas33nzfpw4bbiu6owpzvmmpnxj6gxy6xfhma._file

Verdict:

malicious

0fa41ef1fdafc8802949cc226b5ef2f8986ce09d2b26f0562b18b4a62c459609

11a7b5537ad0eebf531ae247203c2d8646f1bbcfcb95b195efa385429c4e2241

43ce35a2995cbd1d746f3b5028a07a4e153d40834567ec0576540f06f4dadbd8

64876237acae65667fe8f7ab3ffb01c5674249fa72645e95402e53202b988ea3

802d22bf67b8513307c580f5eab0c07434f0791aa451a47dc261681ab0ddfd29

b91fa9a1d21c823b0a974570af93cc88234eaafb4126909abfe4cac36a91b0c9

b9c3dd797d2a590da62c4824d658ad8decf1ed1ffa77bfaa47f3f12966757a0d

+ 335 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220920-ebmdfsfdgm/

Behaviour

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates physical storage devices

Program crash

Drops file in Program Files directory

Suspicious use of SetThreadContext

Checks computer location settings

Loads dropped DLL

Unexpected DNS network traffic destination

Executes dropped EXE

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/1fedc75c-2e14-4aff-aa47-87c77d188744

Unpacked files

SH256 hash:

0d6fab7acf2286897b66586018655432c64e8f3718addf10e7ff7c69cba6e09e

MD5 hash:

2638517ee84af9fb8abff194a32583ca

SHA1 hash:

be37e32f801a07f03b5f763e68d9e46b544b5a76

Link:

https://www.unpac.me/results/803da5d7-a35c-43cf-9677-e6ab19ea0002/

SH256 hash:

f49aefb68a1e66c0b6454e9ce51430229f68e8c644dd2de60def4029f204978f

MD5 hash:

e8bbd5425ac1507a72fad12f513135d0

SHA1 hash:

6700c181e93d7787df9bd930dc37bcc1c29306c7

Link:

https://www.unpac.me/results/803da5d7-a35c-43cf-9677-e6ab19ea0002/

SH256 hash:

2009b71b6184f9e235d604b7b6e4afb7021453ceb3f35631edba7c6be3d729d8

MD5 hash:

c277b4a70743041f28445f57129a9927

SHA1 hash:

a7745b9f6e8d1376107a10208fd93f154623a015

Link:

https://www.unpac.me/results/803da5d7-a35c-43cf-9677-e6ab19ea0002/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/2009b71b6184f9e235d604b7b6e4afb7021453ceb3f35631edba7c6be3d729d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/311499/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample