MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27c740dc023d79e8897ae7723a8749d9036b1f45cc0db69a465f9b5541009e90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 27c740dc023d79e8897ae7723a8749d9036b1f45cc0db69a465f9b5541009e90
SHA3-384 hash: 9ba0151e8ab468b4d265380eede3265dca9197f3f2a63fce7266ba43310f5c773c3b88818eac4d84d6185fbbdfbae7a3
SHA1 hash: 6cc50ea46c71989f3ee1de9fb5534b540b669265
MD5 hash: 30a3fb3a5497bbabc779620f91a588a8
humanhash: spring-football-three-neptune
File name:30a3fb3a5497bbabc779620f91a588a8
Download: download sample
File size:355'999 bytes
First seen:2021-11-19 22:27:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep 6144:cQqrUrM9FThROmnqVaxeTTnEjMWxmFjTvlZ/69h+elN/cxO/R:AUA9FXOm7eTTrWxoHrSLjlNUgR
Threatray 682 similar samples on MalwareBazaar
TLSH T1397412323A9CB579C0280A72F273B7299DB7BFD4162295AB0B687E9A7C350C15E4D107
File icon (PE):PE icon
dhash icon bce8e4e6e670b0e1
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
30a3fb3a5497bbabc779620f91a588a8
Verdict:
Malicious activity
Analysis date:
2021-11-19 22:33:18 UTC
Tags:
installer
Link:
https://app.any.run/tasks/5e8c7602-4e05-429b-aa97-3810f3f3265f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.StartPage1.60650.4948.30264.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Сreating synchronization primitives
DNS request
Changing settings of the browser security zones
Changing critical settings of the Internet Explorer browser
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed startpage
Link:
https://www.filescan.io/uploads/619824f84912a8c920a435c3/reports/8bbce8b3-2f4b-44fd-a719-a8d06471c95a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fc1e033a-7886-4ac3-a977-5aeed771c395
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/892965
Signature
Modifies Internet Explorer zone settings
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/27c740dc023d79e8897ae7723a8749d9036b1f45cc0db69a465f9b5541009e90/
Threat name:
Win32.Trojan.TrustedZone
Create hunting rule
Status:
Malicious
First seen:
2021-11-17 21:20:11 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2f5639932c7a25cf51737748cdc495367a9203e0a963f930f0009935109da190
585d722fb9096865f5a52e69f9422d3d1e7bf5655f143fee9730468f6b5c6883
600408029d622447c7bab40a0de9c67b35037fa1c0fa69b7f24e06f8f75ef181
98a4b710db82407a705fbe966afa5041566c3f3fdf44118a05f5551fbee3ec8b
df7049b8c4d704376be3920232b1ba6b2c8cf2ff0f9cf3bf22f6d89c1c9515dc
df76b66e92d2d5f0b35e9d8b67a65f2e967ac7502013496e9e241ef510ffad29
e6447686ab68ede1a7b92ddc98b7e90ccf64d48876ace4b91cc45ea2437cc67c
+ 672 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/211119-2dpmxsbghp/
Behaviour
Modifies Internet Explorer settings
Modifies Internet Explorer start page
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
SH256 hash:
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
MD5 hash:
c10e04dd4ad4277d5adc951bb331c777
SHA1 hash:
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
Link:
https://www.unpac.me/results/31b69bea-2403-4db6-b485-4ec2f287f3bb/
SH256 hash:
27c740dc023d79e8897ae7723a8749d9036b1f45cc0db69a465f9b5541009e90
MD5 hash:
30a3fb3a5497bbabc779620f91a588a8
SHA1 hash:
6cc50ea46c71989f3ee1de9fb5534b540b669265
Link:
https://www.unpac.me/results/31b69bea-2403-4db6-b485-4ec2f287f3bb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.67
Link:
https://yomi.yoroi.company/submissions/27c740dc023d79e8897ae7723a8749d9036b1f45cc0db69a465f9b5541009e90

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 27c740dc023d79e8897ae7723a8749d9036b1f45cc0db69a465f9b5541009e90

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1801510/
Cape
Cape
https://www.capesandbox.com/analysis/207701/

Comments


Avatar
zbet commented on 2021-11-19 22:27:53 UTC

url : hxxp://drivers.cybertill.co.uk.s3.amazonaws.com/test/newshortcutsv13.exe