MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a3aa50e6aaf6355fd39b2742310554e2820b6a4ddf58b7c12ab86085a417a6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.ExtenBro


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a3aa50e6aaf6355fd39b2742310554e2820b6a4ddf58b7c12ab86085a417a6c
SHA3-384 hash: 7c42aefb92bf4c4d752e62d4fbd5ce34937ed8db3f9ec2335ea991e4c44b79f5e58967b302fd59cdba79ba0d246e7315
SHA1 hash: b8af67d9efe2c43d71fabb980e54795b2838e2d1
MD5 hash: df4fff7588f6cfe466453047f068131f
humanhash: cola-colorado-sierra-edward
File name:Setup_1022.exe
Download: download sample
Signature Adware.ExtenBro
Create hunting rule
File size:5'765'632 bytes
First seen:2020-07-08 17:22:09 UTC
Last seen:2020-07-08 17:58:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'602 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 98304:5jrkSmlrdSWRNUkEfwyS60U+FTyZvDw45KRNvEZoqsC7Y885REJ83MFLOAkGkzdh:5j3grEIURwh6Rg+BDweKYoq/U/XEJ83D
Threatray 15 similar samples on MalwareBazaar
TLSH 38469E127E9850E6F05B0D3406ADB23D72BEBD765126624BA740FA0DBDB03435F1AB27
Reporter TrappmanRhett

Intelligence

File Origin
# of uploads :
2
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/23298/
Detection(s):
SecuriteInfo.com.Trojan.Zadved.1626.25288.21193.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Creating a file in the Windows subdirectories
Sending an HTTP GET request
Sending a TCP request to an infection source
Sending an HTTP GET request to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a3aa50e6aaf6355fd39b2742310554e2820b6a4ddf58b7c12ab86085a417a6c/
Threat name:
ByteCode-MSIL.Adware.RelevantKnowledge
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 17:24:07 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  1/5
Verdict:
unknown
Similar samples:
07cd5128e0d8dba2bf9917891e8e4d3685b58a09df51101a872ebf41a7043418
Adware.ExtenBro
0bda455745bf357aceefb490c19c47e70b7e65ea11fd9352200f98e795c8cbdc
Adware.ExtenBro
48236bb4fa38724fb0a368673e14c364fde3fa5e95ba42db44a0193ba4c13beb
Adware.ExtenBro
7b3038c1373ca79b19dc5789778a1a0cf38d49a0fcda94d9288be6f648d9d269
Adware.ExtenBro
8ac77ea1b7333cc26a60ce0857e878a7cd0b96025ee8e7764c9c04f38b073ee2
Adware.ExtenBro
8b9168d5ab359866b52639ef7dc5f25a8154707569bd1cb0fa9200a2293cbefe
Adware.ExtenBro
8edd6dd53784f816039a5f935567cb551d0743a85713116670d2caae1d9ebd86
Adware.ExtenBro
c121b14316a1f7976c4337f37c29acd3a1efeff592617736b1ae1e6d3bf04b09
Adware.ExtenBro
c8b1cce5ae65d68b7ca2a419b1499d7bec6e4e3d1e04d3e3f040eeaeb6080146
Adware.ExtenBro
cae6e1df4039a438142c790ee3f22a05a36f68c1662a34978631e792ddd500b6
Adware.ExtenBro
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200708-rp6ww1vj6x/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.ExtenBro

Executable exe 4a3aa50e6aaf6355fd39b2742310554e2820b6a4ddf58b7c12ab86085a417a6c

(this sample)

Adware.ExtenBro

Executable exe ccaedac7e0d5d4a655d37d59fb12bfb920785e9c8d0b811dc6ab88d3e1ca6ea0

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/23298/
  
Dropping
SHA256 ccaedac7e0d5d4a655d37d59fb12bfb920785e9c8d0b811dc6ab88d3e1ca6ea0
  
Dropping
MD5 08d30f125230d7a82f47cee211b6e329

Comments