MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 372b3a223a2ce51392f3114a220846a2e09eed6fad4406b1ac1520f6dab236bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 372b3a223a2ce51392f3114a220846a2e09eed6fad4406b1ac1520f6dab236bf
SHA3-384 hash: 7589137b1fdfa6c050c95562f6a1d77db0c4d659123905e86d6b60c75c839db2258a9b9710f0378dae3321e1c5fe3a82
SHA1 hash: a84073021ff9e0466ecfca67d8877465e2baeb43
MD5 hash: 2cad1cdc3f4c00237b61864bbf0f013a
humanhash: two-white-ohio-missouri
File name:SecuriteInfo.com.Variant.Babar.112901.128.5249
Download: download sample
File size:6'144 bytes
First seen:2022-10-31 16:12:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8f154a13ba78b003cfce18886d13160c
ssdeep 48:vpgJ5fDNnU9PHrBkg38zjzpFdfdYOiuLQVYs4vs1SA/QcW0GFmaYmRt5n:BB9V8XzbdfdY9usbGsI9cT4jVR7
Threatray 8 similar samples on MalwareBazaar
TLSH T16CC13CD3214008F1C90ED7B916731B1C3B980296035646F79D898D0E6EF5BE56C7677E
TrID 42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
remcos
Create hunting rule
ID:
1
File name:
Revised PO-20221031_______________________.exe
Verdict:
Malicious activity
Analysis date:
2022-10-31 13:39:43 UTC
Tags:
rat remcos
Link:
https://app.any.run/tasks/b4eb6b6b-7700-4497-a448-9a4eb0d1901b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/326486/
Detection(s):
SecuriteInfo.com.Variant.Babar.112901.31433.19223.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/47043/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/635ff410ce1f43143c2a34d4/reports/472ec843-1d7d-427c-8690-652ee35afed7/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/2739b13e-d6cc-4b14-965d-262ab2b8ddee
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1101864
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/372b3a223a2ce51392f3114a220846a2e09eed6fad4406b1ac1520f6dab236bf/
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2022-10-31 07:41:37 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g4vtuir2ftsrhextcffceccgulqj53lpvvcanmnmcuqpnwvsg27q._file
Verdict:
malicious
Similar samples:
31a23d6b013eb681edaddba32e060c000a6d3f3a101778698bafce098300167e
3bf6c8042b94c40a935e85e7bb1999c7c5baf415b7cc687d6b667c6380aa1a62
46625dc48986048946fe26c64a8ff5d81bb213eca3bdf676cd14bd13e541dfeb
72cc3164c2a376bef4c369767f730266d853ecb843566afe00a46a5d5286036f
90cad58e23ade1bb1e1b160dae41f79c2c9a13e8398ea32fab7bf0824b9d06e5
a2455704b431727a3d2205e905ddb64d6e135017551a87c968ad552fe90ded4b
ec6770e9c71a5d2ad3a02abc33df808762fb1259e3657ba356a1906dee2cbee8
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221031-tn221accbr/
Unpacked files
SH256 hash:
372b3a223a2ce51392f3114a220846a2e09eed6fad4406b1ac1520f6dab236bf
MD5 hash:
2cad1cdc3f4c00237b61864bbf0f013a
SHA1 hash:
a84073021ff9e0466ecfca67d8877465e2baeb43
Link:
https://www.unpac.me/results/ff66a07f-eef4-45a8-b888-c9b17d810660/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/372b3a223a2ce51392f3114a220846a2e09eed6fad4406b1ac1520f6dab236bf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/326486/

Comments