MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d308933203744252691fb15fb6c02fa50bed49da96c68d8159ff8b911f5e235. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



OskiStealer


Vendor detections: 3



SHA256 hash: 2d308933203744252691fb15fb6c02fa50bed49da96c68d8159ff8b911f5e235
SHA3-384 hash: 15ae9cc988cae5a719384b8a8f5fe3558234852b063ada9cccd35ce41f3bd8c654a411146d5e3e40d1d2dc462cc66bc2
SHA1 hash: 85fd84c1cb196529a83eaccfb251f524335b14af
MD5 hash: d7bac801eb5714764619180f30251796
humanhash: speaker-early-spring-wisconsin
File name: ebb.exe
Signature: OskiStealer
File size: 20'416'512 bytes
First seen: 2021-08-24 22:48:26 UTC
Last seen: 2021-08-25 00:24:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c5e47cbdeb1fcc88f1f7e7b8fb8ff58c (1 x OskiStealer)
ssdeep: 393216:RcCM4/joZEE+U5umBJQh3wvj08XEBCfGdQb8/N22t5ktAD:mCMwoZf5uAvj5EBH5N22v
TLSH: T15D27BE53F7C2A0B3D49306714A1BB373667DAE351921A64BB3497E2D3E71281FA2C643
dhash icon: d4ca87b7ebcbfec0 (1 x OskiStealer)
Reporter: AndreGironda
Tags: exe OskiStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 157
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ebb.exe
Verdict: No threats detected
Analysis date: 2021-08-24 22:49:16 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
Sending a UDP request

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Icon mismatch, binary includes an icon from a different legit application in order to fool users
PE file has a writeable .text section
Behaviour
Behavior Graph: Gathering data

Verdict: unknown

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

OskiStealer

Executable exe 2d308933203744252691fb15fb6c02fa50bed49da96c68d8159ff8b911f5e235

(this sample)

7b82ef67319cf926fedd28e2f74ffba0eb32a04ee4ab630c9500bf78bda18b20
