MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 228a38662f3748adbbfee3d9e41d294d88735e2c461360fcdb67410d75928e5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mansabo

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	228a38662f3748adbbfee3d9e41d294d88735e2c461360fcdb67410d75928e5b
SHA3-384 hash:	16f89db73e41381e1a4b1bc45369f0d8e129890165b52c6172b5837c845eb6dfe8da9daf0d9c78629a853b37950ae7bf
SHA1 hash:	d7d9e07b67de4ddedefed27bbdc32eb6a4fe47fe
MD5 hash:	c963511194c2157b3a3d608fc9cbba60
humanhash:	asparagus-twelve-equal-seven
File name:	virussign.com_c963511194c2157b3a3d608fc9cbba60
Download:	download sample
Signature	Mansabo Create hunting rule
File size:	1'330'264 bytes
First seen:	2022-07-15 17:24:30 UTC
Last seen:	2024-07-24 12:09:50 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	58471b8a9f8702d1a9e4838d7b7d501a (9 x TrickBot, 5 x Mansabo)
ssdeep	24576:zQ5aILMCfmARvKYYwdy2VlmNCQgIT0rKiwnotfRbNNNOq:E5aIwC+Ax4ErWThi7JRbNl
Threatray	2'994 similar samples on MalwareBazaar
TLSH	T11355E129DB247966F253457576102A9F3C418D3811A3DF86EB86C9CDB402EA3F2F532B
TrID	54.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 18.3% (.EXE) Win64 Executable (generic) (10523/12/4) 8.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.8% (.EXE) Win32 Executable (generic) (4505/5/1) 3.5% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	KdssSupport
Tags:	exe

KdssSupport

Uploaded with API

Intelligence

File Origin

# of uploads :

2

# of downloads :

129

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

virussign.com_c963511194c2157b3a3d608fc9cbba60

Verdict:

No threats detected

Analysis date:

2022-07-15 23:20:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f7386c4c-89c2-4e3d-8734-8fac44a8771a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/290505/

Detection(s):

Win.Malware.Mansabo-7102049-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay

Link:

https://www.filescan.io/uploads/62d1a3690b00dfa734f2bc60/reports/242a30fc-7367-428a-90e0-adc09d6fbc5d/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1033164

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/228a38662f3748adbbfee3d9e41d294d88735e2c461360fcdb67410d75928e5b/

Threat name:

Win32.Trojan.Mansabo

Status:

Malicious

First seen:

2022-07-11 02:30:44 UTC

File Type:

PE (Exe)

Extracted files:

7

AV detection:

25 of 26 (96.15%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ekfdqzrpg5ek3o764pm6ihjjjwehgxrmiyjwb7g3m5aq25msrznq._file

Verdict:

malicious

Label(s):

trickbot

Similar samples:

2ac301ae03c6043ffd1c46b04a64af067502b599c6bc064190e086ad7f99f2f4

44b3d6cb7298f98b7efad49bfedcadfaf59cc90b11e4d307b5a07490c49eeeaa

624144b2f3c5ac061a7ba15175e01fdbd9c2d3038b56e5c73b9ec4b5a480e47e

6452ad3a65fcef75b9afc6cda02bd3f7b01a6319a0bfbf4d5e4ef89f2a99bbfd

6876aa707adeeffbe08d86d26c6cf48b8d77d46c96f8ace28a523b0a846db38f

6af9918a37bfd94d85920a17316ac90ca849903bd881f62245b6bc16bca8d33c

a712b0582519003b5c9bb7a971bf030d4fd1331bc0307c2e663138897aea90c1

d0fd86e3254a14f3b99d141b8512eae447cd716436ba8a192422596a2b0bb625

d9040bf8ad755cd41dc6266c0e0049f4bac0eaa23f18a26931357fe21c719701

+ 2'984 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220715-vzb6dsdag6/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

228a38662f3748adbbfee3d9e41d294d88735e2c461360fcdb67410d75928e5b

MD5 hash:

c963511194c2157b3a3d608fc9cbba60

SHA1 hash:

d7d9e07b67de4ddedefed27bbdc32eb6a4fe47fe

Link:

https://www.unpac.me/results/db77a0a7-b928-47b3-aa9e-d932838ff17f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/228a38662f3748adbbfee3d9e41d294d88735e2c461360fcdb67410d75928e5b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 228a38662f3748adbbfee3d9e41d294d88735e2c461360fcdb67410d75928e5b

(this sample)

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/290505/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample