MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5053f7a18f78763456267484fe3787e2502c64d8a8f2c2036d5bfeca60ca96e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5053f7a18f78763456267484fe3787e2502c64d8a8f2c2036d5bfeca60ca96e2
SHA3-384 hash: 107c095e70fe952e8e36be605a836c0837019725ce181365d0d652b8546b7212e3abf96179ea61f1c59d065158dada96
SHA1 hash: 4904830fb2bacd1f40a65c8558537ed45064ff03
MD5 hash: f1608b4589e50a0c4a489a66c4a30892
humanhash: timing-connecticut-hawaii-tennis
File name:f1608b4589e50a0c4a489a66c4a30892.exe
Download: download sample
File size:16'157'812 bytes
First seen:2023-02-11 09:02:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c6e51dda1622035b42b177c9afe67c30
ssdeep 393216:WTDNFabhV8d9JNJRS3k2woJuQFkyRmazVNEJVZOUcryo8mRHVjnK:0DNFwVe/S3kZoFVR8qyo8mB1K
Threatray 15 similar samples on MalwareBazaar
TLSH T1D7F6F1176864CE2CCD938433505282E292059D7DEE09DA9F13BA398D9FF3D670B11BAD
TrID 43.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
22.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 4145454545454541
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f1608b4589e50a0c4a489a66c4a30892.exe
Verdict:
Malicious activity
Analysis date:
2023-02-11 09:13:47 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3d3031d8-acf7-4aed-a0f5-3d5d8adff4da

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
PUA.Win.Downloader.Driverpack-6717506-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Sending a custom TCP request
Creating a file in the %temp% directory
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/68038/overview
Behaviour
MalwareBazaar
CPUID_Instruction
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug javadropper overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/63e759c913286ddce30b7f2d/reports/26fef3a8-a2e2-4344-acb1-e2ab8770ec27/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/5053f7a18f78763456267484fe3787e2502c64d8a8f2c2036d5bfeca60ca96e2
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/aebc5bd3-2530-4902-8d87-518257197369
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
troj
Score:
28 / 100
Link:
https://www.joesandbox.com/analysis/1171981
Signature
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 804769 Sample: 90bOWeEJk4.exe Startdate: 11/02/2023 Architecture: WINDOWS Score: 28 30 Uses known network protocols on non-standard ports 2->30 8 90bOWeEJk4.exe 2->8         started        process3 process4 10 javaw.exe 4 8->10         started        process5 12 javaw.exe 48 10->12         started        16 icacls.exe 1 10->16         started        dnsIp6 24 46.138.252.157, 49708, 9274 ASN-MGTS-USPDRU Russian Federation 12->24 26 127.0.0.1 unknown unknown 12->26 28 192.168.2.1 unknown unknown 12->28 20 C:\Users\user\...\discord_game_sdk_jni.dll, PE32 12->20 dropped 22 C:\Users\user\...\discord_game_sdk.dll, PE32 12->22 dropped 18 conhost.exe 16->18         started        file7 process8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5053f7a18f78763456267484fe3787e2502c64d8a8f2c2036d5bfeca60ca96e2/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kbj7pimppb3divrgoscp4n4h4jicyzgyvdzmea3nlp7muygks3ra._file
Verdict:
unknown
Similar samples:
0ead50b6e178331dc5e0ed73d4080afd8682f12358730c0d7ae62a95be167e52
729e7368bb7e28a5416896392bfed2f738804cb7d957c58e78a90a771ce4f976
767a951ea1f41e10287199d95ffed5a84a94e1d33d82d519c91db89d37941f42
8dc5d35e7f0a75f8a864ce2a569ac1cc3825521bcd269e5bc2ee7e6ce40c3fae
9b1af42072b91c504d9298d5938b8b5976a4ed4326484e9559a931a1173ee466
a630470ce161a2221c4913198b32f4af64b2d49fa5c64c4c3458475879b2d07e
c2dcc646a68381f519b6461c54129e0b4ec5efc0125c382f75c67341cecd2f2e
db3dec6fc542d0d1e7e00233812984c3698a54bcc2a4d124e0a7075794e162c5
e034f070ece091bfb23daacd153f9121030abd88a2349c00c3f7f4aba176dd8b
fe317007a64424dc6161dae1c8f7a84542170ab100f5bbd12d7c9b995ec0acac
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230211-kz2qyabh3v/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Unpacked files
SH256 hash:
5053f7a18f78763456267484fe3787e2502c64d8a8f2c2036d5bfeca60ca96e2
MD5 hash:
f1608b4589e50a0c4a489a66c4a30892
SHA1 hash:
4904830fb2bacd1f40a65c8558537ed45064ff03
Link:
https://www.unpac.me/results/d0fbae5a-b659-4783-86e1-9b83b8f9dbbc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.21
Link:
https://yomi.yoroi.company/submissions/5053f7a18f78763456267484fe3787e2502c64d8a8f2c2036d5bfeca60ca96e2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:grakate_stealer_nov_2021
Create hunting rule
Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments