MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 308dcf6540932d062dd10a24fefd25d6660afe60dea76c9fa5612ae0f4cb4cda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments

SHA256 hash: 308dcf6540932d062dd10a24fefd25d6660afe60dea76c9fa5612ae0f4cb4cda
SHA3-384 hash: 989fe80c4a8f96a366f92ba66d2d34cb2074bfd95c14a459b5327530310c5d04a7377e054a8b1728f506c4099b0aad1e
SHA1 hash: fb6c95fa16c2e91f22ac4e8d73233962e645c6bd
MD5 hash: 8535942f58ba61ce5ce0755d7570f22f
humanhash: violet-carpet-leopard-oregon
File name:CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar
Download: download sample
Signature n/a
File size:189'561 bytes
First seen:2022-08-05 12:57:49 UTC
Last seen:Never
File type:Java file jar
MIME type:application/zip
ssdeep 3072:CFysmYDJzvFDX7kwZcOPgDffPJpVww1CtoVZQzDeQ15vChXbn24RmTzIBTjIg:lsdJzdksPgDf3jVpCtoj6DeQ112XjEoD
TLSH T17004133C51562C0AC0FA51F69924CAFBEFEE083BE45758B12FF715CEA4416839F6124A
TrID 72.9% (.JAR) Java Archive (13500/1/2)
21.6% (.ZIP) ZIP compressed archive (4000/1)
5.4% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter Anonymous
Tags:jar

Intelligence


File Origin
# of uploads :
1
# of downloads :
251
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar
Verdict:
No threats detected
Analysis date:
2022-08-05 13:01:04 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
banload
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl.evad
Score:
56 / 100
Signature
Exploit detected, runtime environment starts unknown processes
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Behaviour
Behavior Graph:
behaviorgraph top1 signatures2 2 Behavior Graph ID: 679298 Sample: CMTNGTFESJRKMAMSPWITGCAGOVG... Startdate: 05/08/2022 Architecture: WINDOWS Score: 56 39 Multi AV Scanner detection for submitted file 2->39 41 Exploit detected, runtime environment starts unknown processes 2->41 8 cmd.exe 2 2->8         started        10 cmd.exe 1 2->10         started        process3 process4 12 java.exe 5 8->12         started        14 conhost.exe 8->14         started        16 7za.exe 16 10->16         started        process5 18 WMIC.exe 1 12->18         started        21 WMIC.exe 1 12->21         started        23 WMIC.exe 1 12->23         started        25 3 other processes 12->25 signatures6 43 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 18->43 27 conhost.exe 18->27         started        29 conhost.exe 21->29         started        31 conhost.exe 23->31         started        33 conhost.exe 25->33         started        35 conhost.exe 25->35         started        37 conhost.exe 25->37         started        process7
Threat name:
ByteCode-JAVA.Downloader.BanLoad
Status:
Malicious
First seen:
2022-08-05 07:55:03 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
5 of 40 (12.50%)
Threat level:
  3/5
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments