MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46b55066562fda498a993a7d35206815aab265353c87a6ee4acbe75ae937cd71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46b55066562fda498a993a7d35206815aab265353c87a6ee4acbe75ae937cd71
SHA3-384 hash: 0e03aceb22a64d0427ae22b8cb2b28920eacc527332452068474ef577860e1738e50e06ba8eefe61f41beeb2aec14a5f
SHA1 hash: 607669c6ebc8add1de86d8d5c9c8029eb0d8caa1
MD5 hash: 8ab931942d6b5665a1917bc14bfd2071
humanhash: dakota-eighteen-robin-hot
File name:8ab931942d6b5665a1917bc14bfd2071.exe
Download: download sample
File size:1'354'752 bytes
First seen:2021-10-10 11:56:23 UTC
Last seen:2021-10-10 13:01:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:+54MYuLvSmyRq0PSueafsHtymTNbnJ0xzO0sJ8Mhj/npxnpqC6hq43Hm4D8:+54MYkeq0quzOPTL0xTlMhjLpqvhl3mb
Threatray 473 similar samples on MalwareBazaar
TLSH T1E55533259BA9C1AEC206C0F0B45563E127736EDAF7044E4D62F77D8F03706488BEA6E5
File icon (PE):PE icon
dhash icon 71f0c08888c0e070 (9 x SnakeKeylogger, 9 x AgentTesla, 8 x AsyncRAT)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://iridium.services/download/Chrome.exe
Verdict:
Malicious activity
Analysis date:
2021-10-09 19:10:46 UTC
Tags:
loader
Link:
https://app.any.run/tasks/a7552946-866a-4b68-ad81-4a42ac0ae44f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/196388/
Detection(s):
SecuriteInfo.com.Variant.Ser.Ursu.14555.767.23037.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/6162d5113831960005b2b942/reports/f65ebe49-1a7f-4afe-bdc9-65f466fbdad1/overview
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/46b55066562fda498a993a7d35206815aab265353c87a6ee4acbe75ae937cd71/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2021-10-10 11:57:09 UTC
AV detection:
19 of 28 (67.86%)
Threat level:
  3/5
Verdict:
malicious
Similar samples:
3271b5bb8547e3299a52783ceda59df71b2c0b3a6d3a4a29a03a0939e841aa37
49b43f511b1909d0e3f8043faaa12e5613f7588b5944365f20680b87fdf78b83
4d265a1ee6dd0bdccd7e31fce027ccd42f1e19c09a92e911fba7db7696698b4d
618c78fbf67d014137470a93c49571272e7777ce49ab31ccbf47ec11739ef822
63f6a92084e81e72720f6160287e6766e2214f489d11142a9668925c6c4616f2
6c3b8f706293d8462261afe66048575af6798cd0ebaec43f77a742609be0f869
906c931107ffb66c345dae2afa253b71ff21ae420348cc44f36de0bbe3921386
bbabc0cb29dc697735ab4b2d4285e9bb608f992393b734b7b20d4a4ba42a75ce
d9f7bb98ad01c4775ec71ec66f5546de131735e6dba8122474cc6eb62320e47b
+ 463 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211010-n4lgasfhbm/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Deletes itself
Loads dropped DLL
Executes dropped EXE
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/46b55066562f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.85
Link:
https://yomi.yoroi.company/submissions/46b55066562fda498a993a7d35206815aab265353c87a6ee4acbe75ae937cd71

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 46b55066562fda498a993a7d35206815aab265353c87a6ee4acbe75ae937cd71

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1662002/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/196388/

Comments