MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3981ea2f66e197c3fb644184a33f2553fed51e175aa0402e77d1e324c96e1326. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3981ea2f66e197c3fb644184a33f2553fed51e175aa0402e77d1e324c96e1326
SHA3-384 hash: 57404aef32f41af0bbb0e211ae4d870ac7821b6efdd5a1d5986414348f33d7f89860514e4a86e843d8397ace8d5f8b2b
SHA1 hash: 95f917d6a760e64ea688801c10cb673cdd4adaee
MD5 hash: c9e84d2fed103f6c7a8f1822a42da643
humanhash: pennsylvania-pizza-queen-whiskey
File name:akira.exe
Download: download sample
File size:76'288 bytes
First seen:2023-09-27 07:34:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dd7706099232fddc4b2bd01109553eb6
ssdeep 768:fMYEhHWwKMEm+8mTqntBRP6YmyjDGH1UPpncLtbAE/kgQ9vIhH2lYnrsRkmcHb6M:EbhY8mUHLjDcAmR7H2lYY9cHeuRa1bU
Threatray 2 similar samples on MalwareBazaar
TLSH T1CC737C80F791A9D9D26546B18133CD245BAABC2A2D315B2F32C8B66F3D31382747AD17
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 3474d4c4c4ccccd4
Reporter 1ZRR4H
Tags:exe NORDVPNPREMIUMHITS

Intelligence

File Origin
# of uploads :
1
# of downloads :
277
Origin country :
CL CL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
akira.exe
Verdict:
No threats detected
Analysis date:
2023-09-27 07:34:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fe130117-1874-419a-ab01-8c5d4cfe4de6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/451490/
Result
Verdict:
Clean
Maliciousness:
Gathering data
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm
Link:
https://www.filescan.io/uploads/6513db2734be449f011a37d0/reports/7d23c46d-797b-4722-bfe1-a555788c24f5/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/3981ea2f66e197c3fb644184a33f2553fed51e175aa0402e77d1e324c96e1326
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/8f62331d-9cb0-4cd7-ab7a-31081a932d26
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1315043
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3981ea2f66e197c3fb644184a33f2553fed51e175aa0402e77d1e324c96e1326/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-08-28 23:36:42 UTC
File Type:
PE+ (Exe)
Extracted files:
26
AV detection:
6 of 23 (26.09%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hga6ul3g4gl4h63eigckgpzfkp7nkhqxlkqealtx2hrsjslocmta._file
Verdict:
unknown
Similar samples:
49ebb927cbe947326337e1da5be8e4478d2243e6adc7ef33be544fe005a5aac2
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230927-jensxaac24/
Unpacked files
SH256 hash:
3981ea2f66e197c3fb644184a33f2553fed51e175aa0402e77d1e324c96e1326
MD5 hash:
c9e84d2fed103f6c7a8f1822a42da643
SHA1 hash:
95f917d6a760e64ea688801c10cb673cdd4adaee
Link:
https://www.unpac.me/results/c114e3d2-4054-489f-be82-f68f33e5f877/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3981ea2f66e197c3fb644184a33f2553fed51e175aa0402e77d1e324c96e1326

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/451490/

Comments