MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee
SHA3-384 hash: 19670b73de6d3dbcc1306456a4e79313a550a601a460373bdc5669b2d202c5af9e5ee4a67bde4d3b24d9651c2ae3f2b2
SHA1 hash: 5cf00645925815d888ac8f946c88c61a4bd827f7
MD5 hash: 459f347590000459c312e38cc6a44ad7
humanhash: blue-tennis-wolfram-tennessee
File name:459f347590000459c312e38cc6a44ad7.exe
Download: download sample
File size:372'224 bytes
First seen:2021-06-26 09:26:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1465dccf6e4ac51fee47e91b6181067d (2 x ArkeiStealer, 1 x FickerStealer, 1 x Smoke Loader)
ssdeep 6144:42w8Crg+xkQ6n7hZHLdEJ1++p+XMRex7vMmpxVa9iStN+u2bZyQk7:4Vp6n3iJ1pAMAxMmpxVa9ztWF9
Threatray 106 similar samples on MalwareBazaar
TLSH 52847C00BAA1C035F6F616F4897AD3AC953DBDA15B2050CB52D4EAFE5A386E1EC31317
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
459f347590000459c312e38cc6a44ad7.exe
Verdict:
Malicious activity
Analysis date:
2021-06-26 09:28:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/377bbbe7-3ab8-4dd3-954e-a2414fe157d3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/168458/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.23786.3564.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/943b1ce2-62fb-432c-a4cf-e1752dec082b
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/808432
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-06-26 09:26:09 UTC
AV detection:
19 of 46 (41.30%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
03659dfd8c9a7f8b300972af15621b9d67b8854cfbf66ecab15f63b1686afa2c
2884051cd64be98b26224c6cd9ba46bc6802242fdb2aabbb3dd4aa6b1eb16a78
45269d3d0fbf13c80d6c496d3ee36e13808e36063bc82e3247cfc291e0f9223c
4a8de772cb047939cbac796b1461b5276e418fb33249cb4d41785ef37fa91a35
644c41a4311cb26bf1e4b1587a7c8b4e843395cadda1f9ab710a585658c829b2
809ebb3b8572da276fb521772e931faca272a61a9a05e3a3f0734be71cdcc4f9
9d98cf2a209bc4ccc92b7dc792c6f3b21c0ce1c2f7eb72498823e7a593145fea
a08a7177db0107d81bfe600111224a280635177a05a8040ec50037a4c0805605
aa703fb814c6e09c409060654ea9b5798b6a99cb0ceb25bd31bf894dc60702f5
b3daa8d8b247d807ed0619e9f246a6769aa8334f61586a2579ea4886ffca05c1
+ 96 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210626-fpgb7ng8bn/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
b2a049b580ef2fe23defefd78644442329b1378213c59357fbec5e24555aac44
MD5 hash:
f9e3e8dcfbfaf22d61687c78a2ff20fa
SHA1 hash:
439731b1bf2b800c2ed8c18fcd14b8ecc25eacc9
Link:
https://www.unpac.me/results/1356001a-7d16-432e-8096-913b99c5cc86/
SH256 hash:
3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee
MD5 hash:
459f347590000459c312e38cc6a44ad7
SHA1 hash:
5cf00645925815d888ac8f946c88c61a4bd827f7
Link:
https://www.unpac.me/results/1356001a-7d16-432e-8096-913b99c5cc86/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1400216/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/168458/

Comments