MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47545839583be8a6542ed55c27079b35deba27f5b80eaa06d993244a9c382fd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SendSafe


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47545839583be8a6542ed55c27079b35deba27f5b80eaa06d993244a9c382fd4
SHA3-384 hash: a10d96f34f2fc9935235457686357a34d3c4c318ede0d64834806a57d006b7ee4c3fc926e4d2c4d769a39b8d234fb89a
SHA1 hash: 321b421adffd0dcbc4aaa4315c75675d1d71914b
MD5 hash: 25bb9a2a3c1135afc92346448cf84955
humanhash: hotel-louisiana-paris-lithium
File name:25bb9a2a3c1135afc92346448cf84955
Download: download sample
Signature SendSafe
Create hunting rule
File size:1'977'176 bytes
First seen:2021-07-08 16:07:43 UTC
Last seen:2021-07-08 16:50:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash be1dd968708d68f3d4d6eae803daa76b (2 x SendSafe)
ssdeep 49152:0528wME4n6U/COuRMdt/8zexPwT0zZb9Im/xnGi5GvJm:WdFuzelA01si5CJm
Threatray 7 similar samples on MalwareBazaar
TLSH T1C995F10675C8DFB7D18792759981D2B24207FC46976CB0C7F2C1B79E21707F6822A3AA
Reporter zbetcheckin
Tags:32 exe SendSafe signed

Code Signing Certificate

Organisation:PBAJUXZSQTOPNBCUHL
Issuer:PBAJUXZSQTOPNBCUHL
Algorithm:sha1WithRSA
Valid from:2021-05-24T10:39:14Z
Valid to:2039-12-31T23:59:59Z
Serial number: -7191f978c4099752b388fdb8cb6409f7
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: ee33266f16e671f9c9d3a1380b8379031a8edcc3ee73c1d0b6c26f8c5153c1c2
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
635
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
25bb9a2a3c1135afc92346448cf84955
Verdict:
Malicious activity
Analysis date:
2021-07-08 16:09:44 UTC
Tags:
trojan sendsafe
Link:
https://app.any.run/tasks/03085e99-aec9-447e-9496-39891ae6fa7f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170510/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.13001.15588.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fff2a4f5-0692-4d57-85c4-6b6d797e63ee
Result
Threat name:
CryptOne
Create hunting rule
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/813626
Signature
Detected CryptOne packer
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/47545839583be8a6542ed55c27079b35deba27f5b80eaa06d993244a9c382fd4/
Threat name:
Win32.Trojan.GenCBL
Create hunting rule
Status:
Malicious
First seen:
2021-07-08 16:08:19 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
38d3f45c15d354a76eaa73d2da717165dee22b8207fa87088685486019ff482d
SendSafe
548aeca63c758e896a8959a1f0a4dccd5fc87ae57af14916e54a7f4758808db0
SendSafe
639040459f4506fcc0c84cc54b42d3510792d5dbbe81badecadcb040965311f5
SendSafe
6ec5a40cb123440086c8c5371bfe69de18882714f2d3bc9bb9c4a9a9c151f009
SendSafe
7803f7e488d66ca2ca5de088645985a86570854984131827d06cc6a76a71f630
SendSafe
a9a117ae98fd5a5f90a2058461be2dc525bde25a920d9acaeae2490633587392
SendSafe
aba57bf3e798f491ef816d1b91cd5a7d81c72c725d2bd62e94346fc5028593f5
SendSafe
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210708-xw3rxvln4n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Unpacked files
SH256 hash:
1ccec006053f5095f0e1038e41efbee73c701f40025033987cd92d10e362b778
MD5 hash:
469b13d8ec3d6f7cb607e38b97e0ddf0
SHA1 hash:
ddf8fed107c0548f934b2803c797aa2ff06f5709
Detections:
win_sendsafe_auto
Create hunting rule
Link:
https://www.unpac.me/results/04f7cb6c-67b9-43da-a16f-a865759d6969/
SH256 hash:
47545839583be8a6542ed55c27079b35deba27f5b80eaa06d993244a9c382fd4
MD5 hash:
25bb9a2a3c1135afc92346448cf84955
SHA1 hash:
321b421adffd0dcbc4aaa4315c75675d1d71914b
Link:
https://www.unpac.me/results/04f7cb6c-67b9-43da-a16f-a865759d6969/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/47545839583be8a6542ed55c27079b35deba27f5b80eaa06d993244a9c382fd4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_sendsafe_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.sendsafe.
Rule name:with_urls
Create hunting rule
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the presence of an or several urls
Reference:http://laboratorio.blogs.hispasec.com/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SendSafe

Executable exe 47545839583be8a6542ed55c27079b35deba27f5b80eaa06d993244a9c382fd4

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1436550/
Cape
Cape
https://www.capesandbox.com/analysis/170510/

Comments


Avatar
zbet commented on 2021-07-08 16:07:44 UTC

url : hxxp://srand04rf.ru/91.exe