MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23f8b1d50ded4e893bf789f5e795aa889a6364f525927f49f607cac93ce3a683. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	23f8b1d50ded4e893bf789f5e795aa889a6364f525927f49f607cac93ce3a683
SHA3-384 hash:	098f08861cdc6d62ee5a7121558f5e133d9ccc4c9161e6934a49f16f2886b6a3f5ce65225fcb81f742351fc64b35f275
SHA1 hash:	0c4712b2b3574b91206644ee789c634f21c2c1ae
MD5 hash:	58d595fc3b8236c9248bc7ffb47c087b
humanhash:	neptune-timing-utah-arizona
File name:	reserva.exe
Download:	download sample
File size:	841'595 bytes
First seen:	2021-11-26 21:24:17 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	890e522b31701e079a367b89393329e6 (25 x Formbook, 12 x AgentTesla, 8 x Loda)
ssdeep	24576:0thEVaPqL3L2DxJOANfq/PA2HqYzTHFyHZPIGQ:IEVUc3L2fOoG41YPYHZPw
Threatray	447 similar samples on MalwareBazaar
TLSH	T1F00523F69DE47719E0A812F7F64589A14DF05103BF29AC3DE6605443066F019CFA8EDA
File icon (PE):
dhash icon	e8cd0accd2894ca6
Reporter	Anonymous
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

171

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

reserva.exe

Verdict:

No threats detected

Analysis date:

2021-11-26 21:27:38 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/960eec9b-d72f-4d1c-8c59-d2e4e9747132

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-4

Win.Packed.LokiBot-6963314-0

SecuriteInfo.com.PSW.Banker6.BTQY.1690.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/61a150b3b71ceed4153220ce/reports/e2beefc7-0cb9-4b1d-95ed-27b9ec719b90/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d6285e3a-23ea-4c2b-ba84-4d6712c10f51

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/897006

Signature

Antivirus / Scanner detection for submitted sample

Uses Windows timers to delay execution

Yara detected Embedded PE file in AUTOIT SCRIPT

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/23f8b1d50ded4e893bf789f5e795aa889a6364f525927f49f607cac93ce3a683/

Threat name:

Win32.Backdoor.LodaRat

Status:

Malicious

First seen:

2021-11-26 21:25:20 UTC

File Type:

PE (Exe)

Extracted files:

22

AV detection:

27 of 28 (96.43%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

3d96847f7962c01a7951f95acb29dff7999b7e8d54c946b3b1ccd035cbf2bcb1

5ef4f1d59492644372e4de91586798adb788432987848730694be8db0f968008

7d4b1b72b1318cb933e0d6420813499581064f57a713b7e1ee8caa3753113ca0

8f7950c2e180309a2666f594c83800ea4122770b25e3cd896b5d0a362a1647e4

a9431563de4e84d5d231fff8382087131368a29066f7711fdbfee0f70f37fe99

b00e65f141bd037ee4e702f84f6079132a689f31970c29b4d1d67b6a1de4e0bc

b24cb4cd3db305d5451cb3c0d0e60fe578b1fd38aca4be6032fb0ce2f0b786b4

d0004a13a8a8d0938f05b10ffb88cf61e914a1e4ce9c602d5d41196d065c933d

+ 437 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/211126-z9mgbsfaep/

Behaviour

Enumerates physical storage devices

Unpacked files

SH256 hash:

6e9dbe95a55e96677a002b3cd8c1814b5f70e22ad5af727faffcbb9efa06c1c3

MD5 hash:

510b460c0850b342b03a6b1f13535a41

SHA1 hash:

1e9d5806a5ba554eeffa0e39a3e0fb3f4a1c9a9c

Link:

https://www.unpac.me/results/653925d4-61b1-44f8-a29c-97e71b16d33a/

SH256 hash:

23f8b1d50ded4e893bf789f5e795aa889a6364f525927f49f607cac93ce3a683

MD5 hash:

58d595fc3b8236c9248bc7ffb47c087b

SHA1 hash:

0c4712b2b3574b91206644ee789c634f21c2c1ae

Link:

https://www.unpac.me/results/653925d4-61b1-44f8-a29c-97e71b16d33a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.42

Link:

https://yomi.yoroi.company/submissions/23f8b1d50ded4e893bf789f5e795aa889a6364f525927f49f607cac93ce3a683

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample