MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 340d6cfaad173ee2cdb4c0cc86cbf6392ded5bf65d12a2a22078e543f480405c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 340d6cfaad173ee2cdb4c0cc86cbf6392ded5bf65d12a2a22078e543f480405c
SHA3-384 hash: 28f657066809db27e822cb20fb2778ed2507bc177ba27f1b137f4e4a3b0c1203b7f1ebd8677fc47bc3e2e2b474d767d6
SHA1 hash: eaacc3b83ebaa2e52edb30d1c29c2cd1ef14c4ad
MD5 hash: 6df70c68f4d3a7f201d0884aefa6d23d
humanhash: sixteen-winter-carpet-music
File name:YK.exe
Download: download sample
File size:5'611'008 bytes
First seen:2024-04-22 12:09:46 UTC
Last seen:2024-04-22 12:27:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'672 x AgentTesla, 19'489 x Formbook, 12'212 x SnakeKeylogger)
ssdeep 49152:T0+LIa6Z+jNssiT671k0Ti40kqjWCRfJajfPgD0Z2cu4+3+zamnDwhEID3:QCBA67Sa0kqi6JSw9cuv5R3
Threatray 1 similar samples on MalwareBazaar
TLSH T1CA46E120ADEB5019FB73AF756BD428DD9A9FB2633E16B9BB101103464613E41CDA0F39
TrID 28.5% (.EXE) Win64 Executable (generic) (10523/12/4)
17.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
13.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
12.2% (.EXE) Win32 Executable (generic) (4504/4/1)
5.6% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Reporter NDA0E
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
311
Origin country :
NL NL
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Creating a file
Launching a process
Moving a file to the Program Files subdirectory
Replacing files
Sending an HTTP GET request
Forced system process termination
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6626539e54bafb7d21d8bc57/reports/8935cfe3-44cb-4941-9681-2da860f07929/overview
Verdict:
Malicious
Labled as:
Ser.Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/340d6cfaad173ee2cdb4c0cc86cbf6392ded5bf65d12a2a22078e543f480405c
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Mustang Panda
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6c52b14e-7535-429d-9aad-5ea715a7bcca
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1429624
Signature
Contains functionality to inject code into remote processes
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/340d6cfaad173ee2cdb4c0cc86cbf6392ded5bf65d12a2a22078e543f480405c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/340d6cfaad173ee2cdb4c0cc86cbf6392ded5bf65d12a2a22078e543f480405c/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-04-21 04:53:52 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gqgwz6vnc47oftnuydgins7whew62w7wlujkfirapdsuh5eaiboa._file
Verdict:
malicious
Similar samples:
340d6cfaad173ee2cdb4c0cc86cbf6392ded5bf65d12a2a22078e543f480405c
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/240422-pb1wysbc4w/
Behaviour
Loads dropped DLL
Unpacked files
SH256 hash:
eeadf3afb1899ac0c561de1bd8c3f2276d70349f408a0327d4be604ff06725aa
MD5 hash:
adfae6db26462bfaaa724658b1c063ea
SHA1 hash:
7d8c689df9834ed8bb4108af538dcce7b5d11f69
Link:
https://www.unpac.me/results/c8d553ae-5f40-4ba3-9f15-d5c34995ec41/
SH256 hash:
340d6cfaad173ee2cdb4c0cc86cbf6392ded5bf65d12a2a22078e543f480405c
MD5 hash:
6df70c68f4d3a7f201d0884aefa6d23d
SHA1 hash:
eaacc3b83ebaa2e52edb30d1c29c2cd1ef14c4ad
Link:
https://www.unpac.me/results/c8d553ae-5f40-4ba3-9f15-d5c34995ec41/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 340d6cfaad173ee2cdb4c0cc86cbf6392ded5bf65d12a2a22078e543f480405c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2823092/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2823094/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments