MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35d7419c53191ff72ea0d518841305dabfe2dfcb67b40680b8e66775dccf0d7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 35d7419c53191ff72ea0d518841305dabfe2dfcb67b40680b8e66775dccf0d7e
SHA3-384 hash: 4eff5189b2781179f74093d6e91e46de9c92fd158d7ecc957bd6fd61e0f6b7f2c703a81bdd08750ee8b7471183317b66
SHA1 hash: 7b6a05f440d42465109b1bdca5c5c2b0e76f2734
MD5 hash: f98812c6ca636e9d84662bc232c5f2a5
humanhash: nitrogen-asparagus-burger-connecticut
File name: cccc.zip
File size: 5'725'202 bytes
First seen: 2022-04-20 22:19:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 98304:PWLygPwYhzgsOkAk7/tOSGrhzzQRi8Q5Xf5TVRkJS6glgnL1MbfMtcL7HllqLtkv:PWLTjhzPyutJGrhcLiXBTkiSnq0clqBE
TLSH: T1884633557D30408E3A6BBA7EDD1D85DE9E238B79FEA32149C05523F392FD1960AE0C48
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: dodosec
Tags: Themida zip


Comment by dodo_sec:
Downloaded from hxxp://invoices.sappleserve[.]com/servicess/cccc.zip.az. JFOur6vtfi0w3RPss8Uggg is AutoHotkey.exe again, jxxP53bOsKfQ04doyhhh is a malicious ahk script that executes GBCleXgkuV.aoc (DLL) with the export "e59GoAiM6fGiRoL4EQaDOt". This DLL is packed with Themida.
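
The chain described in the comment above (a renamed AutoHotkey interpreter, an .ahk script, and a Themida-packed DLL with an odd extension inside one zip) is the kind of thing worth triaging offline before anything is executed. The script below is an added example, not MalwareBazaar code and not the commenter's: it walks a zip in memory, hashes each member, recognises PE images from their MZ/PE headers regardless of extension, flags section names commonly left by Themida/WinLicense (a heuristic assumption, not proof of packing), and extracts `DllCall("file\Export")` targets from text members. The fake PE builder and the sample archive are constructed here to exercise the parser; the member names are those from the comment, the contents are not the real sample.

```python
"""Offline triage of a zip-delivered AutoHotkey/DLL loader chain (added example)."""
import hashlib
import io
import re
import struct
import zipfile

# Assumed heuristic: Themida/WinLicense-packed images commonly carry a section
# with one of these names. Absence proves nothing; presence is only a flag.
PACKER_SECTION_NAMES = {b".themida", b".winlice"}
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".ocx", ".scr")
# AutoHotkey's DllCall("file\Export", ...) form.
DLLCALL_RE = re.compile(r'DllCall\(\s*"([^"\\]+)\\([^"]+)"')


def pe_section_names(data):
    """Return the section names of a PE image, or None if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        return None
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size        # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                           # truncated table: report what we have
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def triage_member(name, data):
    """Hash one archive member and attach findings relevant to this loader chain."""
    info = {"name": name, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(), "findings": []}
    sections = pe_section_names(data)
    if sections is not None:
        info["findings"].append("PE image (MZ/PE headers present)")
        if not name.lower().endswith(PE_EXTENSIONS):
            info["findings"].append("PE image without a PE file extension")
        if set(sections) & PACKER_SECTION_NAMES:
            info["findings"].append("Themida/WinLicense-style section name")
    else:
        # Non-PE members: look for an AHK script handing control to a DLL export.
        text = data.decode("utf-8", errors="ignore")
        for dll, export in DLLCALL_RE.findall(text):
            info["findings"].append(f"AHK DllCall into {dll} export {export}")
    return info


def triage_zip(zip_bytes):
    """Triage every file member of an in-memory zip without extracting to disk."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [triage_member(m.filename, zf.read(m))
                for m in zf.infolist() if not m.is_dir()]


def build_fake_pe(section_names):
    """Constructed PE32 header skeleton (no code) used only to exercise the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\0" * 0xE0                 # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names),
                       0, 0, 0, len(optional), 0x2102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + table


def build_sample_zip():
    """Constructed stand-in for cccc.zip using the member names from the comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("JFOur6vtfi0w3RPss8Uggg", build_fake_pe([b".text", b".rdata"]))
        zf.writestr("GBCleXgkuV.aoc", build_fake_pe([b".themida", b".rsrc"]))
        zf.writestr("jxxP53bOsKfQ04doyhhh",
                    "SetWorkingDir, %A_ScriptDir%\n"
                    'DllCall("GBCleXgkuV.aoc\\e59GoAiM6fGiRoL4EQaDOt")\n')
    return buf.getvalue()


if __name__ == "__main__":
    for item in triage_zip(build_sample_zip()):
        print(item["name"], item["sha256"][:16], item["findings"])
```

Against a real archive, replace `build_sample_zip()` with the bytes of the downloaded zip; the hashes it reports are what you would pivot on, and the extension mismatch plus the DllCall target tell you which member to detonate and which export to break on.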

Intelligence


File Origin
# of uploads: 1
# of downloads: 287
Origin country: n/a
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe expand.exe greyware hh.exe keylogger

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-04-20 22:20:18 UTC
File Type: Binary (Archive)
Extracted files: 24
AV detection: 17 of 23 (73.91%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: evasion themida trojan
Behaviour:
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks BIOS information in registry
Themida packer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

zip 35d7419c53191ff72ea0d518841305dabfe2dfcb67b40680b8e66775dccf0d7e (this sample)
Delivery method: Other

Comments