MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40e61a6c5f46702a808cb94a2f27c6460b5a86c9878d831213c3acd31eee1984. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

XWorm

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	40e61a6c5f46702a808cb94a2f27c6460b5a86c9878d831213c3acd31eee1984
SHA3-384 hash:	1c319edc91b7bcbe9516320059f82ec7577f3d6656588504abaf3c69f95b46d2420abc454279579a404840d45085ba32
SHA1 hash:	f84340391a3aaf5a361415c309a4177203856bb9
MD5 hash:	945c48b426452f9da691c46f2fdc6a07
humanhash:	moon-lemon-maryland-seven
File name:	Damaged_item.img
Download:	download sample
Signature	XWorm Create hunting rule
File size:	1'245'184 bytes
First seen:	2024-02-16 18:02:53 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	96:590UlnHeWQU/9JXcCU8uIeYM5+IkwAf8f:T0UlH3HXQwkgxwAU
TLSH	T13F45B1114BA80059F3B617354AB12735A7B1F81633A38B4F370C131D5FAAAD28D7679B
TrID	47.8% (.ISO/UDF) UDF disc image (2114500/1/6) 46.3% (.NULL) null bytes (2048000/1) 5.7% (.HTP) HomeLab/BraiLab Tape image (256000/1) 0.0% (.ISO) ISO 9660 CD image (2545/36/1) 0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Reporter	malwarology
Tags:	img xworm

Intelligence

File Origin

# of uploads :

1

# of downloads :

101

Origin country :

US

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	DAMAGED_.VBS
File size:	560 bytes
SHA256 hash:	f0e4e2656467459bfde295f51d68f5b1de5c03a504c2c7c8dc4f0d635ed0da26
MD5 hash:	1d08ea9c2b5742989ddd848f545ddf00
MIME type:	text/plain
Signature	XWorm

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.PUA.UDF.VBS-1.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

nemucod virus

Link:

https://www.filescan.io/uploads/65cfa35e0ba622dfa952334d/reports/6d94ba8a-5857-40e6-a07a-ab4b47115906/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/40e61a6c5f46702a808cb94a2f27c6460b5a86c9878d831213c3acd31eee1984

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/40e61a6c5f46702a808cb94a2f27c6460b5a86c9878d831213c3acd31eee1984/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2024-02-16 15:49:39 UTC

File Type:

Binary (Archive)

Extracted files:

1

AV detection:

5 of 23 (21.74%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=idtbu3c7izycvaemxffc6j6giyfvvbwjq6gygeqtyownghxodgca._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/40e61a6c5f46702a808cb94a2f27c6460b5a86c9878d831213c3acd31eee1984

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 76fbfcb8754ba7e23c855a71db83aae75c106d84e106330b772cf3a28a440993

XWorm

img 40e61a6c5f46702a808cb94a2f27c6460b5a86c9878d831213c3acd31eee1984

(this sample)

ps1 5daa9b6e18218e20b738b79b6af14a6dcbeba9fff210344ae51ad66db4f7eb5a

ps1 7b34e6746d3340b778eeeee6a248b30e177d18ab71b121740552782c0d5be5aa

vbs f0e4e2656467459bfde295f51d68f5b1de5c03a504c2c7c8dc4f0d635ed0da26

anyrun

any.run

https://app.any.run/tasks/5a9c1aaf-7658-4aa1-aa93-78b780ef5005

Dropped by

SHA256 76fbfcb8754ba7e23c855a71db83aae75c106d84e106330b772cf3a28a440993

Dropping

SHA256 f0e4e2656467459bfde295f51d68f5b1de5c03a504c2c7c8dc4f0d635ed0da26

Dropping

MD5 1d08ea9c2b5742989ddd848f545ddf00

Dropped by

MD5 1db1dcbedd96d24445b5cde20aab3e96

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample