MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 329e09615441176a17e072eb29d65c1a4b167dbfeca91968cdf40c06680959ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 329e09615441176a17e072eb29d65c1a4b167dbfeca91968cdf40c06680959ce
SHA3-384 hash: 52128ac28e5f58ca5662ff32b81585bbb56fb7ae1ed123af38437f3e0b408c91509ef39ae1ca64691b2bdfd42ab87507
SHA1 hash: 8ae9d258ececc8c5f85cb33e555dd653cf864efa
MD5 hash: 7908b063e6f6c3d0ab2e9488ced6ca73
humanhash: paris-sweet-papa-sierra
File name:7908b063e6f6c3d0ab2e9488ced6ca73
Download: download sample
File size:1'177'408 bytes
First seen:2022-03-23 07:05:46 UTC
Last seen:2022-03-25 07:25:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ffde0b493fb1e036441775d05668548c
ssdeep 24576:EVWgqDRLKxVJ6NMRiHvDmqLvApLzCQdEmeRk7XOSuLL3RBuPGR:lgdx/6NeiHvDmhp6QTeRuO1L3GP
Threatray 518 similar samples on MalwareBazaar
TLSH T1F5452336B3F5E519D293823BCDD7DB229D31B812A26C598E60CE7A1DC9F24312CD1689
File icon (PE):PE icon
dhash icon bd78e0ebf2faee64 (1 x DBatLoader, 1 x RedLineStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
148
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
socelars
Create hunting rule
ID:
1
File name:
Setup.zip
Verdict:
Malicious activity
Analysis date:
2022-03-21 01:29:00 UTC
Tags:
evasion trojan socelars stealer loader rat redline opendir vidar
Link:
https://app.any.run/tasks/f97a4915-fedb-4889-a69a-a7c91c6de32d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/255361/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.39307787.27626.24814.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Сreating synchronization primitives
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/623ac6eedfdfa8501cd1c90c/reports/50c58191-664a-4e02-9ae4-35920f82069c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Vidar
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/58082dd1-b1b2-4095-b39a-86c6d1dc5673
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/962440
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/329e09615441176a17e072eb29d65c1a4b167dbfeca91968cdf40c06680959ce/
Threat name:
Win32.Trojan.Tasker
Create hunting rule
Status:
Malicious
First seen:
2022-03-20 18:39:10 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
25 of 42 (59.52%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
46c8ac53157328105a599fd431f76664c79b597ab7686e12897b2d07043f8d2b
49e86b574240ef199ca645ea210561b237992a261da9abc88383753396a3faf3
4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3
62c9783a27cb9e571bc11445b831f00333197d3c4671c08f04f785d85569499e
6f77b89070ee2bc5d62a1b089401a40e5768520457603b6ed1b5a3c6aa100364
862e13feab6936cf835fc226e167a499a09600068eefcf039239eee2db4f098b
+ 508 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220323-hw41sadfan/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
329e09615441176a17e072eb29d65c1a4b167dbfeca91968cdf40c06680959ce
MD5 hash:
7908b063e6f6c3d0ab2e9488ced6ca73
SHA1 hash:
8ae9d258ececc8c5f85cb33e555dd653cf864efa
Link:
https://www.unpac.me/results/58d0f605-c049-4fef-8ba6-8b507460f930/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/329e09615441176a17e072eb29d65c1a4b167dbfeca91968cdf40c06680959ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 329e09615441176a17e072eb29d65c1a4b167dbfeca91968cdf40c06680959ce

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2111788/
Cape
Cape
https://www.capesandbox.com/analysis/255361/

Comments


Avatar
zbet commented on 2022-03-23 07:05:52 UTC

url : hxxp://file-coin-coin-10.com/files/6380_1647767246_2895.exe