MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5286e612ca35302536507939d609b47dac54b42b6c76238ab2aee60ec6204a0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5286e612ca35302536507939d609b47dac54b42b6c76238ab2aee60ec6204a0c
SHA3-384 hash: d0a9f52c1e9598ecf6de2904890dcd7a517b864ebffcaa00232f6424c9dd29f0aa71e400ed7d871a6d34aa6d366e30ac
SHA1 hash: 3129c168f39111f57edf765e7b58bc9d72ec38d4
MD5 hash: 6c95bdb562b241228d2743c653e90773
humanhash: skylark-december-steak-glucose
File name:synapse.jar
Download: download sample
File size:29'321'777 bytes
First seen:2023-09-21 16:54:53 UTC
Last seen:Never
File type:Java file jar
MIME type:application/java-archive
ssdeep 786432:hoh5zr5Ses3GcykJhowXsI+fVZk4JtxFm9lI46rJFSp204xtoH:hc1r5Bs3dhoPD9ZLDeirrSgpts
TLSH T1BF571210F64B5960C75B753ABAEF0E41BC31A7DDC486C15F21F474898DF2AD0872AB2A
TrID 52.9% (.JAR) Java Archive (13500/1/2)
27.4% (.MAFF) Mozilla Archive Format (gen) (7000/1/1)
15.6% (.ZIP) ZIP compressed archive (4000/1)
3.9% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter g0njxa
Tags:jar nStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
ES ES
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://workupload.com/file/FJBNwrgMrXQ
Verdict:
Malicious activity
Analysis date:
2023-09-21 16:28:54 UTC
Tags:
stealer nstealer
Link:
https://app.any.run/tasks/f70eb75d-5bb0-4828-8fbb-7aaea2b66c94

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/650c756832ffdb7a7a0edbdd/reports/d920eeb5-ffe9-45c4-9749-48f1b686bd27/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/5286e612ca35302536507939d609b47dac54b42b6c76238ab2aee60ec6204a0c
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/5286e612ca35302536507939d609b47dac54b42b6c76238ab2aee60ec6204a0c
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.spyw.expl
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1312510
Signature
Exploit detected, runtime environment dropped PE file
Exploit detected, runtime environment starts unknown processes
May check the online IP address of the machine
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kkdomewkguycknsqpe45mcnupwwfjnblnr3chcvsv3ta5rrajiga._file
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/230921-ve41nshd7z/
Behaviour
Drops file in Program Files directory
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/5286e612ca35/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5286e612ca35302536507939d609b47dac54b42b6c76238ab2aee60ec6204a0c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/f70eb75d-5bb0-4828-8fbb-7aaea2b66c94/

Comments