MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d654ad4e61808c0b544631cb41399bc584c21092b1de982d39cb996c21695d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d654ad4e61808c0b544631cb41399bc584c21092b1de982d39cb996c21695d1
SHA3-384 hash: 7484c06675ce1281f5e46d2eb547ed60f187434f3deea6b6f6b5af8aa1a1e84ae0014808ccacdea166a3a3fe4fd856eb
SHA1 hash: 45ec0c565862c59c59418db9dafd57d74af144cc
MD5 hash: b4c0f60f14d33a1bca004459cff5af4f
humanhash: timing-aspen-idaho-virginia
File name:GEF4205231.exe
Download: download sample
File size:800'768 bytes
First seen:2021-04-26 06:16:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:hDvFd0kjCe+zpwngO61F/6bKKoUDP2hWBk9parOgnJ1w2HNn/geiUEqE:GZVBZjokGSm15HN/UqE
Threatray 57 similar samples on MalwareBazaar
TLSH B405F1532E84B219D83D97B76462510C07E2ADBEBEE2F74BADCD3488DB77A805503487
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
GEF4205231.exe
Verdict:
Malicious activity
Analysis date:
2021-04-26 06:19:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3924e6ae-2e33-44b8-906b-96ba47bd567b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/144209/
Detection(s):
SecuriteInfo.com.ArtemisB4C0F60F14D3.31604.5689.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/697463
Signature
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2d654ad4e61808c0b544631cb41399bc584c21092b1de982d39cb996c21695d1/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-04-26 06:17:13 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fvsuvvhgdaembnkemmolie4zxrmeyiijfmo6tawtts4znqqwsxiq._file
Verdict:
unknown
Similar samples:
0ebd7f2342b476608315fc5ef48bc17f0384306094db09179e55af8b5b87e64f
1872aedd5eee8083dcbdc73711000a0280ac586a56149d06fde4329b518eb6cf
3aeba8bab322ad2d34a8ffb2638587ed644551fd8ab8b93c7d5425dfc3ea93ed
738ab100dc0c1db979bc68b02da95d90f59b0da83a5f4fb89d6c140ffac1517b
766275310a4cda56d3ac5765fba22cddae40c0e27da6bbe71db6c5ce160632f9
7c3b5d57b09e814e521d4b325825615285923eb6cf35edc1441c1aa2f0e529e6
a227cf3f5fb90a859db6b3a95e95ead7b01dc01615de5433710205c6cd58ec78
a274ae6a1adcdc3967735c5f04aed6cf22d1541dc275def4eb2d7cb3c0c57d25
bdaacdb35f7e8c902b940543af73f221e3f0b5719d0b411281bb76d8084774c3
ed6b9ae0e3a62d8c24788b8d5b9ffcb9317861746bfc7864777db86369a3def4
+ 47 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210426-mgsejxfnga/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
e90a19eba5f2de3ba82f652221105bb0682b07c20abddec487c6f4354ea79c39
MD5 hash:
efb0de4397ea61e17d262e278b53ff86
SHA1 hash:
727fdf2ceb13262d56bdda24a02564fb3e80c8b0
Link:
https://www.unpac.me/results/752776e5-db7a-4fd3-93c3-cc1f5ef4b995/
SH256 hash:
2d654ad4e61808c0b544631cb41399bc584c21092b1de982d39cb996c21695d1
MD5 hash:
b4c0f60f14d33a1bca004459cff5af4f
SHA1 hash:
45ec0c565862c59c59418db9dafd57d74af144cc
Link:
https://www.unpac.me/results/752776e5-db7a-4fd3-93c3-cc1f5ef4b995/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/2d654ad4e61808c0b544631cb41399bc584c21092b1de982d39cb996c21695d1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/144209/

Comments