MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327
SHA3-384 hash: 7236116e95a93066171ca76ebe62f07163f5329114c62ab7b97152f96e8381e8627136708755fa3123638d8cecc42594
SHA1 hash: c47ac51d984ec5d410cd51009c1c2ee5c415cfba
MD5 hash: 803c2e7efd8adf05f1df9ae6ce185066
humanhash: tennis-table-march-pluto
File name:803c2e7efd8adf05f1df9ae6ce185066
Download: download sample
File size:1'879'116 bytes
First seen:2022-05-22 17:00:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d0dfe559e003c7370c899d20dea7dea8 (9 x RedLineStealer, 1 x Amadey)
ssdeep 49152:NiLec3Lj+HX6IkSeToYgXwnlDege2hua8jGcxJpp:NiLec3Lj+HX6IkSeT6Xwn1egziCcx
Threatray 30 similar samples on MalwareBazaar
TLSH T1EA95AD39EB0617F4D61357B1868EDB7787087B388022AE7BFF4ADE18A4331976805652
TrID 44.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
23.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.4% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
351
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
803c2e7efd8adf05f1df9ae6ce185066
Verdict:
Suspicious activity
Analysis date:
2022-05-22 17:04:05 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0dc78423-e846-41fe-81d6-e3b1e47e73ef

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/273450/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/19552/overview
Behaviour
MalwareBazaar
CPUID_Instruction
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug overlay packed
Link:
https://www.filescan.io/uploads/628a6c69054dcf0ecade82b4/reports/c24147c5-79d0-4cf8-91f7-e941790b136e/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b8ae17de-2d2b-4ddd-8ff8-606ac885ca63
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/999381
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 631876 Sample: uws0yW95fg Startdate: 22/05/2022 Architecture: WINDOWS Score: 64 18 Multi AV Scanner detection for submitted file 2->18 20 Machine Learning detection for sample 2->20 6 uws0yW95fg.exe 1 2->6         started        process3 signatures4 22 Writes to foreign memory regions 6->22 24 Allocates memory in foreign processes 6->24 26 Injects a PE file into a foreign processes 6->26 9 WerFault.exe 23 9 6->9         started        12 conhost.exe 6->12         started        14 AppLaunch.exe 6->14         started        process5 file6 16 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 9->16 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-05-22 17:01:16 UTC
File Type:
PE (Exe)
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
10835ba7c73aa0239a2f7b60264afa9c31aec8f719388ac13c07a23ea221bd20
2dcaabc7567be2d913a8f0df7c972cc19d7ac220889f74342aa40cad5ec80f1d
8c506402fee84059ee450e9befa30f224e63eac74380a664755f5e9d31f88f91
93a849272c8cd95c44685d207ccc52d5d458d149bdbe6792f5410c54bf378790
d4688e6e5455d4601d2988f805b8e1652def668899185a6c179827f13e72941a
e2f010306e3aaf1a3838ea5bf9d6abefecd5243e17f0ddef47139a80705aae88
f30afc8c92569be98fafc998b231adebfdbd987f2f7300570e1046dbf3004f2a
+ 20 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220522-vjh9rsafh5/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
e26cb7d36644aef7fbe8bd307b750d62f55eb15663db658bcf148be714ad9963
MD5 hash:
3bc6bfb87b9d6487f3920ab5e24e288c
SHA1 hash:
4209fce4562af0452c80602eea33dec83f5acaab
Link:
https://www.unpac.me/results/e67581e8-f5d8-410a-8c78-9f6423274dcf/
SH256 hash:
48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327
MD5 hash:
803c2e7efd8adf05f1df9ae6ce185066
SHA1 hash:
c47ac51d984ec5d410cd51009c1c2ee5c415cfba
Link:
https://www.unpac.me/results/e67581e8-f5d8-410a-8c78-9f6423274dcf/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/48f41b0138a1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 48f41b0138a1ab48c0caa4c76b5f81044d0e242cce0dccc7148b6a35e471c327

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/273450/

Comments


Avatar
zbet commented on 2022-05-22 17:01:03 UTC

url : hxxp://194.36.177.250:7766/rfv.exe