MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73
SHA3-384 hash:	4698616a5e9985d0a6b8ac82318df0769f15db6dc442754218bfb46c803c1f9e95772e24e1c46dcd0d43adf131db94b1
SHA1 hash:	d91dcc217d161c52b644298f3a80932320a12300
MD5 hash:	07eba257f3c68d1effd1704ad3bdf746
humanhash:	triple-pluto-oven-kentucky
File name:	07eba257f3c68d1effd1704ad3bdf746
Download:	download sample
Signature	Havoc Alert Create hunting rule
File size:	627'654 bytes
First seen:	2023-12-14 08:08:55 UTC
Last seen:	2023-12-14 09:23:25 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7cb96f961423ed60b38a4407fba7d0a3 (4 x Havoc)
ssdeep	6144:PPIDLr6Dnmo5GpdCcmA2S+LKnkpL2Rut2pKVuYiElHyAiv3ZGR6rSTY+x8mogOKn:PPIPr6J2EuFkMIooIb/vRybxBpCO
Threatray	45 similar samples on MalwareBazaar
TLSH	T153D47D94B744FDF6DC894BB008D2630963B9F0C1971AEF2F2524FE3C095AB98DD6254A
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	zbetcheckin
Tags:	64 exe Havoc

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

292

Origin country :

FR

Vendor Threat Intelligence

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/467421/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win64.BackdoorX-gen.30350.6705.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Dragonfly

Gathering data

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

anti-debug crypto greyware overlay packed redcap

Link:

https://www.filescan.io/uploads/657ab82f5937bfdbca10d453/reports/e03bb472-26c7-4ded-9c73-2264c96aa229/overview

Hybrid Analysis Win/malicious_confidence_100%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Havoc

Malware family:

Havoc

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/de5bdcfd-6d72-4961-9b73-c54a08b7da23

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1362004

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73/

ReversingLabs TitaniumCloud Win64.Adware.RedCap

Threat name:

Win64.Adware.RedCap

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-13 06:41:15 UTC

File Type:

PE+ (Exe)

AV detection:

14 of 23 (60.87%)

Threat level:

  1/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gmejmwac5gfxig2hi3tqwnj4jzfsmtlcjld5tp52kmpzbsvdbrzq._file

Threatray malicious

Verdict:

malicious

Similar samples:

3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73

Havoc

41efbb27cec78b72e56b469c635fd26dd92bab122220dd77791230f3aa9ca8b3

Havoc

7a3f54e7c4f16bff7c2b1b93b0d5b1c226ec43f4a97f5ad4db972fb96f2a1e19

Havoc

8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7

Havoc

a9180fb79d272c7f05692d692beb8436aa131fde1c4390e6942c502b6333e6c6

Havoc

e2762ea7c59520a1a989cb3d6798b00ffba323e82a5db2cd0f778573feddfa60

Havoc

+ 35 additional samples on MalwareBazaar

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/231214-j15csadgc4/

UnpacMe

Unpacked files

SH256 hash:

3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73

MD5 hash:

07eba257f3c68d1effd1704ad3bdf746

SHA1 hash:

d91dcc217d161c52b644298f3a80932320a12300

Link:

https://www.unpac.me/results/ad70c87f-f390-4ec9-ac09-54e4487f9183/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Trojan

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Havoc

exe 3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2740482/

Cape

https://www.capesandbox.com/analysis/467421/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-14 08:08:56 UTC

url : hxxp://113.52.134.114/wai3.exe