MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 2 File information Comments

SHA256 hash:	5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844
SHA3-384 hash:	71404c45ba8f50f786a8e3c931df8f056f28f28c43b2f5e3a85e9bbf794d6e6932b3e4243efe2d511f4491f29baf9521
SHA1 hash:	eac50f847c914f6275bc1f8ef4a6199f9d9e4d25
MD5 hash:	17fa1d1c3c892ea818f05d4e0cf0eacb
humanhash:	white-tango-pennsylvania-seven
File name:	5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844
Download:	download sample
File size:	1'693'696 bytes
First seen:	2023-02-17 12:24:47 UTC
Last seen:	2023-02-17 13:33:56 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	a70feebfa2edf58fb78aabdca62a836f
ssdeep	24576:H/RmiAY3GzTad+8QUfqXHQn652jOi+9TmccljVIH06iyMy:H/RmNY3GzTadNQUfqKF61cXIU6iXy
Threatray	7 similar samples on MalwareBazaar
TLSH	T1F1758D03F68045B9C4A9C27883479B36B671BC890725F7EF1BD4A6213E22BD06F2D759
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	BushidoToken
Tags:	CargoBay exe

Intelligence

File Origin

# of uploads :

# of downloads :

202

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844

Verdict:

No threats detected

Analysis date:

2023-02-17 12:27:18 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3a5ba03a-907c-4647-9a8d-8b610864afff

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/367654/

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.29424.2965.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/71259/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug greyware hacktool

Link:

https://www.filescan.io/uploads/63ef721e9d1fc7bf5b0c4f49/reports/44e3c2a9-0526-4246-99a7-7c097cd0dde3/overview

Verdict:

Suspicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/559463bc-0327-4708-80a1-2004168df0aa

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

evad

Score:

24 / 100

Link:

https://www.joesandbox.com/analysis/1177909

Signature

Found API chain indicative of debugger detection

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2022-11-18 18:05:14 UTC

File Type:

PE+ (Dll)

Extracted files:

AV detection:

1 of 39 (2.56%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kimouph4yrabbmmedasaulzn3aop6css2w5eumalijld4ndl7bca._file

Verdict:

unknown

90a777852be885a9b7ab7ca025c97ee6657dc052fef2ba29fec501673bd3592a

9432024a253af6bbbd19d011547117edafff8a18b10c0ac739661999ad9ba2a2

a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5

b0620f36f136d0c8e4c036a67798de2902bbd45bd21bd026102d53285d56622c

d800e466a5457ca63d18fcaaf8afea7743c94e26c847ba55175d14b1f0da2408

daa78ec9ac5ba2efffe8ee414c348e2eafa787e341dea0ac83f602b56520fa75

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/230217-pllj1sfd27/

Unpacked files

SH256 hash:

5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844

MD5 hash:

17fa1d1c3c892ea818f05d4e0cf0eacb

SHA1 hash:

eac50f847c914f6275bc1f8ef4a6199f9d9e4d25

Link:

https://www.unpac.me/results/56321add-71a5-499b-9c17-e62bf0e65a2b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	upxHook Create hunting rule
Author:	@r3dbU7z
Description:	Detect artifacts from 'upxHook' - modification of UPX packer
Reference:	https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/367654/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample