MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028
SHA3-384 hash: 88cff17cbfdd929c823c7eddadc15cdf1eb865cb479aca1626490667030ec0d5f827a0ede5299cf6b1efdba2b4a773d3
SHA1 hash: ff172a51c13c1a3be7f2c8b1e9352492e2ee01d6
MD5 hash: 8a7ed15dfd5e385b3913129c372cc026
humanhash: triple-robert-yellow-jersey
File name:485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028.bin
Download: download sample
File size:1'195'008 bytes
First seen:2022-04-22 15:53:49 UTC
Last seen:2022-04-22 16:40:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1359bc5e32064d6cd85d5d1dabfed078
ssdeep 24576:2QLVx+nSmMsWO1ANzhNJutjOuXLmDbbRfh3qacMWOEjzDHLPOCTYZMS98kx9:2u0nSmM9O14hNJWXqPxhSpOELLPOCTMV
TLSH T1EB45CF22BB82D572D492447422BAD37A4D3AB930473FC9C7D7D029694D316D02B3F7AA
TrID 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter Arkbird_SOLG
Tags:apt APT37 exe Goldbackdoor

Intelligence

File Origin
# of uploads :
2
# of downloads :
306
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/265876/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.48910082.27454.30295.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
DNS request
Creating a file
Enabling the 'hidden' option for recently created files
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm cmd.exe greyware rat
Link:
https://www.filescan.io/uploads/6262cf9fba81efdb400465a3/reports/cb21ccc0-3a6d-448d-bec7-37f3b3b8f986/overview
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c30d5119-312a-4318-9e33-a2f5f48fbaa3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/981514
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028/
Threat name:
Win32.Spyware.Xegumumune
Create hunting rule
Status:
Malicious
First seen:
2022-01-28 21:17:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
21 of 42 (50.00%)
Threat level:
  2/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220422-tb7rqadeg2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Unpacked files
SH256 hash:
485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028
MD5 hash:
8a7ed15dfd5e385b3913129c372cc026
SHA1 hash:
ff172a51c13c1a3be7f2c8b1e9352492e2ee01d6
Link:
https://www.unpac.me/results/4a68db93-beb1-4d5b-ba02-632b3bce5eb6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf
Cape
Cape
https://www.capesandbox.com/analysis/265876/

Comments