MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 242fd0ad7d0d0277986b06b893fb15c3cc42c0539f29c7a2c766728a6666d891. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 242fd0ad7d0d0277986b06b893fb15c3cc42c0539f29c7a2c766728a6666d891
SHA3-384 hash: 4cf3619d8df3fd5df01c22c3e2943fc19bd1df3a2973828326ffe1cd7f87f78f570c0e30176a9df412e0f86d507d4a61
SHA1 hash: a4ffa222521764cd7d8d2060a6b09fb9d0d74250
MD5 hash: 9388eec0ea622891e2c12878c34aecf7
humanhash: kitten-whiskey-solar-bacon
File name:9388eec0ea622891e2c12878c34aecf7
Download: download sample
File size:712'704 bytes
First seen:2022-12-04 05:16:01 UTC
Last seen:2022-12-04 06:27:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d509ba6f465df0ceee06c0c4fd60355b
ssdeep 12288:yeWjnX7tNerT6uHwBBMn72XEXxjZBLnLT:yJLbiT63B2Xxj
Threatray 49 similar samples on MalwareBazaar
TLSH T10AE4C00A5A3B4B6DC53E84F87142A6432E6BE0C953C5A2C7A579103C5DE50CAF27AB7C
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
182
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9388eec0ea622891e2c12878c34aecf7
Verdict:
No threats detected
Analysis date:
2022-12-04 05:18:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6330aacc-81d5-4095-afb4-76b2977ec1fd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/342441/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.63948712.6806.24495.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/638c2d5204e0e79bdf40b920/reports/8d2aeb90-9e53-4adf-a778-657d8b4b7383/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6ba72e9f-89e6-4cfb-9e9e-8888136ae064
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1127319
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-11-29 15:46:01 UTC
File Type:
PE (Exe)
AV detection:
23 of 41 (56.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eqx5bll5bubhpgdla24jh6yvypgefqctt4u4piwhmzziuztg3ciq._file
Verdict:
malicious
Similar samples:
1259a0f25fdd3e777bb65d32181580ca864e5b733409fe7d99609316abf16a99
481be9c48d0c9230376cef26f65fd1ece2a23fd0c8b8f7b85e501f06e19f00ed
4b27ceec285c9f67dd1658b92738e7f851fccb71720d40ccf50d7cafd3b49ef3
7557abfdcfdd8a7ea014e293f6ee974f03feb0112d095bee57f0b81e246b1084
7f7ebad193f76acfd76deebe1f9614da18537896e0e6b04d7873cd486f0cf4fd
9a45c640e91c9140c994f9e9ca5cfaea2f11000f988d538482356aa385ece7ba
d5b1a96dc7d4007a9228abee105cd77305827ed28aac77932e7c416c888c9d30
e0178fa193e55b4761ccb0022ee8de95e537da9e29739d5740e690eb92d4085a
+ 39 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/221204-fyqvtsab58/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d7ceb5bb-36a5-4a89-b85f-f48007486e92
Unpacked files
SH256 hash:
242fd0ad7d0d0277986b06b893fb15c3cc42c0539f29c7a2c766728a6666d891
MD5 hash:
9388eec0ea622891e2c12878c34aecf7
SHA1 hash:
a4ffa222521764cd7d8d2060a6b09fb9d0d74250
Link:
https://www.unpac.me/results/abeb1297-70e9-47d0-b2b7-ec5565b74c90/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/242fd0ad7d0d0277986b06b893fb15c3cc42c0539f29c7a2c766728a6666d891

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 242fd0ad7d0d0277986b06b893fb15c3cc42c0539f29c7a2c766728a6666d891

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2443526/
Cape
Cape
https://www.capesandbox.com/analysis/342441/

Comments


Avatar
zbet commented on 2022-12-04 05:16:09 UTC

url : hxxp://h166135.srv12.test-hf.su/6.exe