MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45cb842de72a5f29f234652d4da1fcefefa97894eeb9b544ce5b75f3074f7d43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45cb842de72a5f29f234652d4da1fcefefa97894eeb9b544ce5b75f3074f7d43
SHA3-384 hash: f629688de419f2e799e15e89cd0a1e3522e693574b43b8fef67fa8ddff5bc2ca8a85fcc134c87ffe8dc1cae1101de432
SHA1 hash: 15c9136ed6918f8e6004409df15934351cdb686f
MD5 hash: 0e0404838ba4332abbdd3469fd641b00
humanhash: nineteen-kilo-aspen-ink
File name:0e0404838ba4332abbdd3469fd641b00
Download: download sample
File size:258'560 bytes
First seen:2023-01-06 15:42:37 UTC
Last seen:2023-01-06 18:32:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8ad071c5b7af1ebfb0747c6bd6c9dbbf
ssdeep 6144:KsHrInZa/OrB3588DhtZRCyHfes8LifKPUZ:KYMnZa/OtDhF/DM1+
TLSH T1AE444887ED8DE8F3F5937EB2C795E27967D9871AC436E5A79F2B032E5AA1600C304005
TrID 40.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
12.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.0% (.EXE) Win32 Executable (generic) (4505/5/1)
5.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0e0404838ba4332abbdd3469fd641b00
Verdict:
No threats detected
Analysis date:
2023-01-06 15:45:05 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d4a14fbb-0f83-4fea-a205-e2c052bd1fce

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/350167/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.64758229.32587.5774.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Unauthorized injection to a recently created process
Сreating synchronization primitives
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
anti-debug anti-vm packed
Link:
https://www.filescan.io/uploads/63b841880e926711fd77458e/reports/9e1150e9-c293-4408-a477-c987d02b4c53/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/dde4f231-6574-4a72-b420-f7a861a95c21
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1146500
Signature
Contains functionality to inject code into remote processes
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/45cb842de72a5f29f234652d4da1fcefefa97894eeb9b544ce5b75f3074f7d43/
Threat name:
Win32.Trojan.Buzus
Create hunting rule
Status:
Malicious
First seen:
2023-01-04 05:10:51 UTC
File Type:
PE (Exe)
AV detection:
10 of 26 (38.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ixfyilphfjpst4rumuwu3ip457x2s6eu5243krgoln27gb2ppvbq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/230106-s5xyyaha96/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6f18e6d5-9954-4d69-b3e4-f4a41c9a6994
Unpacked files
SH256 hash:
45cb842de72a5f29f234652d4da1fcefefa97894eeb9b544ce5b75f3074f7d43
MD5 hash:
0e0404838ba4332abbdd3469fd641b00
SHA1 hash:
15c9136ed6918f8e6004409df15934351cdb686f
Link:
https://www.unpac.me/results/a9f959f1-7a2c-4971-8067-550a76d31b69/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.36
Link:
https://yomi.yoroi.company/submissions/45cb842de72a5f29f234652d4da1fcefefa97894eeb9b544ce5b75f3074f7d43

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 45cb842de72a5f29f234652d4da1fcefefa97894eeb9b544ce5b75f3074f7d43

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2498984/
Cape
Cape
https://www.capesandbox.com/analysis/350167/

Comments


Avatar
zbet commented on 2023-01-06 15:42:46 UTC

url : hxxp://95.111.230.118/system/download/falcon/Crypted.exe