MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 389c8fd9a0090d7654515d0db606a2e2e3f4ae1721797a16ddc4fbded262c6d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	389c8fd9a0090d7654515d0db606a2e2e3f4ae1721797a16ddc4fbded262c6d5
SHA3-384 hash:	e8bfa1fcae8ff258070c7728dc445184389d82f18c1aa2f17a0a281ea3c109ebef21a182bf2b0c2d90570c138f3695c6
SHA1 hash:	889738fbf41625f7304ca7f2dbfa3ebb22b543b6
MD5 hash:	64079a8dca245ddcfe047d0fd0c96ad0
humanhash:	cardinal-orange-nevada-november
File name:	64079a8dca245ddcfe047d0fd0c96ad0.exe
Download:	download sample
File size:	250'880 bytes
First seen:	2022-09-21 06:17:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	384:BNCLq1Z1kFXP4WGzvsuj8Sf5dCuEMa/qunCmtJdh5R555Di:BN+IZ1s6bdCjquRr5R555W
Threatray	535 similar samples on MalwareBazaar
TLSH	T19E34A4B57643A416F86E06F50E89C57316236E96EA51C21E37DE7F8F3A302EEC560360
TrID	63.5% (.EXE) Win64 Executable (generic) (10523/12/4) 12.2% (.EXE) OS/2 Executable (generic) (2029/13) 12.0% (.EXE) Generic Win/DOS Executable (2002/3) 12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	c6c7cbd991b10810 (3 x AsyncRAT, 2 x SnakeKeylogger, 2 x PureMiner)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

226

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

64079a8dca245ddcfe047d0fd0c96ad0.exe

Verdict:

No threats detected

Analysis date:

2022-09-21 06:28:39 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/7abdfd27-7621-430a-b289-1442d0f9123b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/311970/

Detection(s):

SecuriteInfo.com.Win64.DropperX-gen.29091.UNOFFICIAL

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Sending an HTTP GET request

Launching a process

Creating a process with a hidden window

Unauthorized injection to a recently created process

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/632aad57b333b2ec6b3d0bd3/reports/9f81840b-98f6-4c83-81d7-4051f44f5956/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/4b29bfdb-12b3-499c-9515-e888fbf96a92

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1074318

Signature

.NET source code contains potential unpacker

Antivirus detection for URL or domain

Encrypted powershell cmdline option found

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/389c8fd9a0090d7654515d0db606a2e2e3f4ae1721797a16ddc4fbded262c6d5/

Threat name:

ByteCode-MSIL.Trojan.Injuke

Status:

Malicious

First seen:

2022-09-20 23:50:59 UTC

AV detection:

7 of 40 (17.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hcoi7wnabegxmvcrlug3mbvc4lr7jlqxef4xufw5yt555utcy3kq._file

Verdict:

malicious

151fb5746b08b95408b92e08f4bbeac8c4a1a3fc3ad6f43d237357f10476b33f

21bf3627b1e2a400d46ed681b6791b43b13a3f62615b74c3bdaeef402b11bf81

3be69750b64f87e18bcd6d779fbc9511f17e57b8c7738d9374e262fb377ff56a

643dca310ffa930db9dca8d6690c841d0ec0ab75913646756ebeb1bf2de82584

6897412732ce8f38317aefff9c2bb19b15a91caccb0922c53fe29c36474de665

88b00afd2b4f33893e8ca2dfb3a40cfa15d990d731cb1b15617a8f606b5672d0

8feeb31be2e79fc5c6ddd489dcbfe708c8890f107e32c788ec1b7842feead9d4

fec981d9e6f439dd72ab681e144d5da1302b20bcf45ca98ee15bf029eab135bd

+ 525 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220921-g2ms1sfed7/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Checks computer location settings

Executes dropped EXE

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/4712892e-3f53-41f3-8f72-b76afc5c7042

Unpacked files

SH256 hash:

389c8fd9a0090d7654515d0db606a2e2e3f4ae1721797a16ddc4fbded262c6d5

MD5 hash:

64079a8dca245ddcfe047d0fd0c96ad0

SHA1 hash:

889738fbf41625f7304ca7f2dbfa3ebb22b543b6

Link:

https://www.unpac.me/results/7c4d9409-6366-4ee6-af62-a486cca60b95/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/389c8fd9a009/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.44

Link:

https://yomi.yoroi.company/submissions/389c8fd9a0090d7654515d0db606a2e2e3f4ae1721797a16ddc4fbded262c6d5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 389c8fd9a0090d7654515d0db606a2e2e3f4ae1721797a16ddc4fbded262c6d5

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2307201/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2306837/

Cape

https://www.capesandbox.com/analysis/311970/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample