MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f87821225205757c6a35a7d0c569e09287f6bfde6fd83b44ad08a355287a455. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BlackShades

Vendor detections: 7

Intelligence 7 IOCs YARA 6 File information Comments

SHA256 hash:	4f87821225205757c6a35a7d0c569e09287f6bfde6fd83b44ad08a355287a455
SHA3-384 hash:	8c01873993ca43a0eaab11c9c14beb5be09188dc392fefdf662f2349191eb44c56eab74118730a8e61dad4ebe3118e6a
SHA1 hash:	ffde840525f806d98550d87299eac31e0562d51d
MD5 hash:	b319d447e8823814b553ef895de30a8d
humanhash:	high-mobile-victor-alabama
File name:	4f87821225205757c6a35a7d0c569e09287f6bfde6fd83b44ad08a355287a455
Download:	download sample
Signature	BlackShades Create hunting rule
File size:	915'456 bytes
First seen:	2021-02-28 07:09:25 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	12288:HvoPDN8SOomEhWivUOg6C1bXsMkGZKDXUyz6wffTr+JXH0OTUoFttx3ChEhnpZdR:apOoIi1FAbXDCRz6tXFTBF/x3g1Q
Threatray	21 similar samples on MalwareBazaar
TLSH	7D1523E39D4241F3C837B9F5C919E7F56B03B25D19B690B2DD450C52F26B02BEAD801A
Reporter	JAMESWT_WT
Tags:	BlackShades

Intelligence

File Origin

# of uploads :

# of downloads :

120

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

4f87821225205757c6a35a7d0c569e09287f6bfde6fd83b44ad08a355287a455

Verdict:

No threats detected

Analysis date:

2021-02-28 07:40:50 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/fed7771e-326d-4e00-b717-48ed82757752

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/119806/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/621143

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Potential time zone aware malware

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4f87821225205757c6a35a7d0c569e09287f6bfde6fd83b44ad08a355287a455/

Threat name:

Win32.Backdoor.Bladabhindi

Status:

Malicious

First seen:

2021-02-25 14:59:47 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=j6dyeerfeblvprvdlj6qyvu6beuh6275436yhnck2cfdkuuhurkq._file

Verdict:

unknown

BlackShades

26542443b5665c97e3784c6bdbe4d009510c8bd4bb2f987ab441027fcdaf41a3

BlackShades

4a347ecb8e697e6e782a6d71516f3fe009888fded5879f973fe3ab4013bbb90d

BlackShades

5024e1e9970c3d1578e5a18081be612151022149e52998cd95b306619ae6322a

BlackShades

53ae2502a9fed69821959a54927023f131c6e62ebc46119d86e2eaad60356827

BlackShades

72b5403ac89c548668038d8c6fb7fd9a71c673bba4dd7507a93db7534fcd058a

BlackShades

761d18087cd08c2d8d482fb4ffd78ad60320918ab70ad978c43b537470ac9e22

BlackShades

a3f7557658c2a4d37ae90e9f39acfe218959ffd9e6336860f659dd8eac0586e8

BlackShades

c6692211811dbc392c194a030e9be25e3758b07e29f1300253f9f4aaa7ed7310

BlackShades

ed8bdc7dfb03c556a144b552517f725297acac5c046313b9f8a96432d94cdf5c

BlackShades

+ 11 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210228-x56qj5awya/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

4f87821225205757c6a35a7d0c569e09287f6bfde6fd83b44ad08a355287a455

MD5 hash:

b319d447e8823814b553ef895de30a8d

SHA1 hash:

ffde840525f806d98550d87299eac31e0562d51d

Link:

https://www.unpac.me/results/f8e93819-4005-4320-8e2f-e23bd36990f3/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Dodiw

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4f87821225205757c6a35a7d0c569e09287f6bfde6fd83b44ad08a355287a455

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Chrome_stealer_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Chrome in files like avemaria

Rule name:	Ping_Del_method_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	cmd ping IP nul del

Rule name:	Select_from_enumeration Create hunting rule
Author:	James_inthe_box
Description:	IP and port combo

Rule name:	win_babylon_rat_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

Rule name:	win_blackshades_w0 Create hunting rule
Author:	Jean-Philippe Teissier / @Jipe_

Rule name:	with_sqlite Create hunting rule
Author:	Julian J. Gonzalez <info@seguridadparatodos.es>
Description:	Rule to detect the presence of SQLite data in raw image
Reference:	http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/119806/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample