MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ff6abcd8168f723111c09b863ead5dc9b7f3980555ead7d2a90784cbbaf348c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4ff6abcd8168f723111c09b863ead5dc9b7f3980555ead7d2a90784cbbaf348c
SHA3-384 hash: 00069c3c2ce21d59a4e41f06e4cd5e34a1bf6b15f0bce5db0884224a06e0b1a77d760e9e47f7c655dcbef14ced91752c
SHA1 hash: 947224d73036008dcb6593811e6211c2a2c82f55
MD5 hash: 26eacb0c38f1dcea74aad8f8b4fc3800
humanhash: twelve-eighteen-massachusetts-carpet
File name:BOMBER-CMD.bin
Download: download sample
File size:45'568 bytes
First seen:2022-07-11 12:15:51 UTC
Last seen:2022-07-11 12:55:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a50e815adb2cfe3e58d388c791946db8 (2 x njrat, 2 x DCRat, 1 x Lucifer)
ssdeep 768:zpm7BcEKNvBcvL6VeRNL1a6ZO4PTPz+o+CKr3zQ4NuVVWgP4+z8nbcuyD7UBKOi:zpfEKNCj6VoJl9Go5K7s4Nu3qnouy8Bo
Threatray 153 similar samples on MalwareBazaar
TLSH T15723F147E2CCA9ABF56460796C5F2C685E9CC30836C08262FCD1337A5EF1A064B2D71A
TrID 41.1% (.EXE) UPX compressed Win32 Executable (27066/9/6)
25.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
10.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter KdssSupport
Tags:exe


Avatar
KdssSupport
Uploaded with API

Intelligence

File Origin
# of uploads :
2
# of downloads :
203
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BOMBER-CMD.exe
Verdict:
Malicious activity
Analysis date:
2022-07-11 11:04:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/677495db-9a45-41ba-b631-488e791049ba

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/286206/
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching cmd.exe command interpreter
Searching for the window
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/25052/overview
Behaviour
MalwareBazaar
CPUID_Instruction
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/62cc148bb380a35161761f20/reports/b2b254e7-685b-4ce3-9e47-341ee368c310/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e7b2deff-3b33-4590-ba45-37372d126d2e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1028928
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 661422 Sample: BOMBER-CMD.bin Startdate: 11/07/2022 Architecture: WINDOWS Score: 60 34 Antivirus / Scanner detection for submitted sample 2->34 36 Multi AV Scanner detection for submitted file 2->36 38 Machine Learning detection for sample 2->38 8 BOMBER-CMD.exe 8 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        process5 12 cmd.exe 1 10->12         started        14 cmd.exe 1 10->14         started        16 cmd.exe 1 10->16         started        18 114 other processes 10->18 process6 20 conhost.exe 12->20         started        22 conhost.exe 14->22         started        24 conhost.exe 16->24         started        26 conhost.exe 18->26         started        28 conhost.exe 18->28         started        30 conhost.exe 18->30         started        32 109 other processes 18->32
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4ff6abcd8168f723111c09b863ead5dc9b7f3980555ead7d2a90784cbbaf348c/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-06-16 22:25:04 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 41 (51.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j73kxtmbnd3sgei4bg4gh2wv3snx6omakvpk27jksb4ezo5pgsga._file
Verdict:
malicious
Similar samples:
011bb4cfef72d6381568e872d8ab226bd4803ba0a898d6d59410884c8d140ed5
40fa2841472cc954499bfa367343a445a348ec9312744bdfb32cc671489eccc7
5e0e9bf75e2cdec2ff8047f1ec722d1ba5182b07349018095bb809af7a78c279
9bc57cb47132054e4fc642fdde80688017ef460270e75888c12bd8d7845e4bc4
a0bb62f64b56c9ba7cf6672ffc30141b83763fb7fece4c55284d1fab65529ac6
b3847c94d840dd53c3ba7248734424f06715deacf6dd6ebb727c2f1a7de4c945
c7784f0373b36e09b80ac72e18068821af9c10634fda6a7a1e82213dcd9a9fee
cb53b1c63e40be27b7aa7cd458dbe467e6b6e887fbac6b373374a124c0253caf
e7bebacfd1f9b8da56abd31cdae5be1fd29246d2761439cb8a07993e0d16441c
ed770464373d7578963c4f42cacca5e9b3094443a1666d1fa02fad0f4420f4f9
+ 143 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/220711-pfgzmsghfp/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
UPX packed file
Unpacked files
SH256 hash:
226dac921a7cbb65aa5ba677f30e1c2b2afc5048374efffd76373b3a01604b43
MD5 hash:
52839c4fd7cfa239bedacc8b0f712937
SHA1 hash:
fe06e8a8fd44b976c177d6c0f5f58d190ee97ebf
Link:
https://www.unpac.me/results/d1d509f9-d436-4816-8f9b-8ffd7edaba99/
SH256 hash:
4ff6abcd8168f723111c09b863ead5dc9b7f3980555ead7d2a90784cbbaf348c
MD5 hash:
26eacb0c38f1dcea74aad8f8b4fc3800
SHA1 hash:
947224d73036008dcb6593811e6211c2a2c82f55
Link:
https://www.unpac.me/results/d1d509f9-d436-4816-8f9b-8ffd7edaba99/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/4ff6abcd8168f723111c09b863ead5dc9b7f3980555ead7d2a90784cbbaf348c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4ff6abcd8168f723111c09b863ead5dc9b7f3980555ead7d2a90784cbbaf348c

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/286206/

Comments