MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 284f7bc4d18ca5d943269a375e81249dc5cdbfc4428382e196df552d50a6d2a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 284f7bc4d18ca5d943269a375e81249dc5cdbfc4428382e196df552d50a6d2a2
SHA3-384 hash: 18bac20bec02fb2c508d8312bca799b8314d81250e39b46d65eec13e44351f45251272ac3f8e43556b7a3c45e8b36af2
SHA1 hash: 8afe51f2a78fa8e0619226d903aea2dee6bf0067
MD5 hash: 5fc65066299949ecffb04af69c37fd19
humanhash: wolfram-pennsylvania-speaker-quiet
File name:284f7bc4d18ca5d943269a375e81249dc5cdbfc4428382e196df552d50a6d2a2.bin
Download: download sample
File size:42'496 bytes
First seen:2024-05-27 01:02:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b2702c7b457c1af08a6c90258b7c66c7
ssdeep 768:RY+jvRwHqTH4uFU74LuVuLeBZfqM8hDNGa6+lTVBwbdsmpyQl7:RYWvRPL4uFnSuSBQVa+9/wbdhy47
TLSH T1A2138EDA77E1C4F3DC9100702A69976A23EEDE3240658D47C36C499429719D3A12FE6B
Reporter tildedennis
Tags:exe prg


Avatar
tildedennis
prg version 1.0.4.7

Intelligence

File Origin
# of uploads :
1
# of downloads :
309
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
284f7bc4d18ca5d943269a375e81249dc5cdbfc4428382e196df552d50a6d2a2.exe
Verdict:
Malicious activity
Analysis date:
2024-05-27 01:05:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f0af2e84-2d6e-4b45-9d1b-d0748eac5a3a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Trojan.Gpcode-3
Create hunting rule

Win.Malware.Zbot-9951823-0
Create hunting rule

Win.Malware.Zbot-9969502-0
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6653dbe8121317197511fbb5win7simulatehigh_evasion
Tags:
Xpack
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin masquerade packed shell32 xpack
Link:
https://www.filescan.io/uploads/6653dbc84d56d7d162881dbd/reports/2e067ab2-e279-4363-843b-52b4bf751065/overview
Verdict:
Malicious
Labled as:
Trojan.Spy.Wsnpoem
Link:
https://www.hybrid-analysis.com/sample/284f7bc4d18ca5d943269a375e81249dc5cdbfc4428382e196df552d50a6d2a2
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/824c7e80-2f4a-42a9-84dd-bbb0bd52da44
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1447790
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/284f7bc4d18ca5d943269a375e81249dc5cdbfc4428382e196df552d50a6d2a2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/284f7bc4d18ca5d943269a375e81249dc5cdbfc4428382e196df552d50a6d2a2/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2024-05-20 21:14:00 UTC
File Type:
PE (Exe)
AV detection:
35 of 38 (92.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fbhxxrgrrss5sqzgti3v5ajetxc43p6eikbyfymw35ks2ufg2kra._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240527-becrmsbe84/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/073bbf1d-b677-40e9-861c-ed0c0735bd7d
Unpacked files
SH256 hash:
6559c5403d5df26f6d9c0848590e25897ef84f9340d9c2968a59cd759db1dbb7
MD5 hash:
8ca0b46b0bac9c833eb47d84bcaa6496
SHA1 hash:
498446c149386b43025b52281afae979dd5eeec7
Link:
https://www.unpac.me/results/3f2d3558-fd20-4cd4-b044-932ee6345981/
SH256 hash:
284f7bc4d18ca5d943269a375e81249dc5cdbfc4428382e196df552d50a6d2a2
MD5 hash:
5fc65066299949ecffb04af69c37fd19
SHA1 hash:
8afe51f2a78fa8e0619226d903aea2dee6bf0067
Link:
https://www.unpac.me/results/3f2d3558-fd20-4cd4-b044-932ee6345981/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:zbot
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/prg/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
SHELL_APIManipulates System Shellshell32.dll::SHFileOperationA

Comments