MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35acac3e4fe21edcc9859d1243d770e77f9eb4745b9294b8f494353fbee60492. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 35acac3e4fe21edcc9859d1243d770e77f9eb4745b9294b8f494353fbee60492
SHA3-384 hash: d8de55ef08c2cdbd39bd91d7d0af55624e7d99dc388ab047809b6f769ad59ec649c47842362fa89e60837a543038e91e
SHA1 hash: 45e10f7317d973c7e991d72ceb58b4e94532db72
MD5 hash: 69229768357efdb2fa24e4fc72d00427
humanhash: indigo-saturn-shade-one
File name:BuildM1.exe
Download: download sample
File size:107'384 bytes
First seen:2022-11-12 22:19:28 UTC
Last seen:2022-11-12 23:41:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fe149d250759eda77ec053806a280c3f
ssdeep 3072:YYxThAwq1xF5B+wZbxBSEA1d7RYNXkP0N:1TWwqB5/ZzA1d7RkX1N
TLSH T1DAA38D1BBB1900E9D4B7D07CCAA38947D7B074560B6297CF0362435A1F677E41EBE622
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter r3dbU7z
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BuildM1.exe
Verdict:
No threats detected
Analysis date:
2022-11-12 22:20:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e6ba3594-0ae4-4bb7-872e-c7ae99818bc2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/333047/
Detection(s):
SecuriteInfo.com.Variant.Lazy.246958.4549.15229.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
clipbanker cryptoshuffler overlay packed
Link:
https://www.filescan.io/uploads/63701c135ae98d577068eb52/reports/c0ac0581-39cd-4c83-bdf6-226eb323a8a9/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/aa7f0405-6e3c-48b1-903e-638de599744b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1112003
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 744699 Sample: BuildM1.exe Startdate: 12/11/2022 Architecture: WINDOWS Score: 56 22 Multi AV Scanner detection for submitted file 2->22 6 wininfo64.exe 1 2->6         started        9 BuildM1.exe 1 8 2->9         started        12 wininfo64.exe 1 2->12         started        process3 file4 24 Multi AV Scanner detection for dropped file 6->24 14 conhost.exe 6->14         started        20 C:\Users\user\AppData\...\wininfo64.exe, PE32+ 9->20 dropped 16 conhost.exe 9->16         started        18 conhost.exe 12->18         started        signatures5 process6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/35acac3e4fe21edcc9859d1243d770e77f9eb4745b9294b8f494353fbee60492/
Threat name:
Win64.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2022-11-12 22:20:07 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gwwkypsp4ipnzsmftujehv3q457z5ndulojjjohusq2t7pxgasja._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/221112-183mlacg9y/
Behaviour
Adds Run key to start application
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/16c8166b-2f8e-4813-be34-6aaffbde4f7a
Unpacked files
SH256 hash:
35acac3e4fe21edcc9859d1243d770e77f9eb4745b9294b8f494353fbee60492
MD5 hash:
69229768357efdb2fa24e4fc72d00427
SHA1 hash:
45e10f7317d973c7e991d72ceb58b4e94532db72
Link:
https://www.unpac.me/results/ffbf00d6-3f32-47f2-8a7a-8a4a656c3c5b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/35acac3e4fe21edcc9859d1243d770e77f9eb4745b9294b8f494353fbee60492

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CAS_Malware_Hunting
Create hunting rule
Author:Michael Reinprecht
Description:DEMO CAS YARA Rules for sample2.exe
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 35acac3e4fe21edcc9859d1243d770e77f9eb4745b9294b8f494353fbee60492

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/333047/
  
URLhaus
https://urlhaus.abuse.ch/url/2409443/

Comments