MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e
SHA3-384 hash: 38f0c86702d23052b45764dcdb788e5c4f7ed6829bc16d3b2e04642cbd2caa7f7bab84a381d565ae46981d27cfcffd97
SHA1 hash: f446cbbfa04ec856431938d4beb408de4528865c
MD5 hash: 26893a46de61332fd08820d5dc56cd19
humanhash: carbon-robert-three-robin
File name: MTdYFp.au3
File size: 260'126 bytes
First seen: 2023-08-31 21:26:33 UTC
Last seen: Never
File type:
MIME type: application/octet-stream
ssdeep: 3072:PhxLTtzB8idj7wRBMvmbVLWYuRkLXJaXfJw5JEndyhtfZffqGBevDhb6imfMGsjW:PFXjmsRkL00JRtdyz71KBgASYUO
TLSH: T13244138979AF50EE0EC1085D687FDD590A1D6868DEB34A70026CC27FEA90DDCC7D2A4D
Reporter: 0x0v1
Tags: au3


0x0v1
This is an AutoIt script that performs process hollowing into explorer.exe. It injects a PE payload which connects to a C2 server and performs RAT operations. Use of this script has been attributed to Kimsuky, though it should be noted that most of the content of this script is open-source.
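A local triage helper for a sample of this kind, added here as an example and not code from MalwareBazaar, the reporter, or the sample itself. It recomputes the MD5, SHA-1, SHA-256 and SHA3-384 digests listed on this page so a downloaded copy can be confirmed, then scans AutoIt source text for the DllCall chain that process hollowing requires (CreateProcess with CREATE_SUSPENDED, NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, Get/SetThreadContext, ResumeThread), the executables it names, and a PE embedded as an AutoIt binary literal starting with the MZ magic. The AutoIt text in SAMPLE_AU3 is constructed to exercise the checks and is not the content of the sample; ssdeep and TLSH are omitted because they need third-party modules.

```python
"""Offline triage for an AutoIt (.au3) sample suspected of process hollowing.

Added example: not code from MalwareBazaar, the reporter, or the sample.
SAMPLE_AU3 below is a constructed fixture, NOT the sample on this page.
"""
import hashlib
import re

# Digests exactly as published on this page for the sample.
PAGE_HASHES = {
    "md5": "26893a46de61332fd08820d5dc56cd19",
    "sha1": "f446cbbfa04ec856431938d4beb408de4528865c",
    "sha256": "5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e",
    "sha3_384": "38f0c86702d23052b45764dcdb788e5c4f7ed6829bc16d3b2e04642cbd2caa7f"
                "7bab84a381d565ae46981d27cfcffd97",
}

# API names a hollowing routine reaches through AutoIt's DllCall().
HOLLOWING_APIS = [
    "CreateProcess", "NtUnmapViewOfSection", "ZwUnmapViewOfSection",
    "VirtualAllocEx", "WriteProcessMemory", "GetThreadContext",
    "SetThreadContext", "ResumeThread",
]
# Without these four, a "write into a suspended process, then resume" chain is not possible.
CORE_APIS = {"CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}


def compute_hashes(data: bytes) -> dict:
    """Recompute the four digests MalwareBazaar lists (ssdeep/TLSH need extra modules)."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in PAGE_HASHES}


def matches_page_sample(data: bytes) -> bool:
    """True only when every digest equals the value published on this page."""
    return compute_hashes(data) == PAGE_HASHES


def strip_comments(script: str) -> str:
    """Drop AutoIt ';' line comments so commented-out code is not counted."""
    return "\n".join(line.split(";", 1)[0] for line in script.splitlines())


def find_hollowing_indicators(script: str) -> dict:
    """Collect static indicators of process hollowing from AutoIt source text."""
    code = strip_comments(script)
    lower = code.lower()
    return {
        "apis": [api for api in HOLLOWING_APIS if api.lower() in lower],
        "dllcalls": len(re.findall(r"\bDllCall\s*\(", code, re.IGNORECASE)),
        # CREATE_SUSPENDED (0x4) for CreateProcess; \b0x0*4\b does not match 0x40 or 0x14.
        "suspended_flag": bool(re.search(r"(?i)create_suspended|\b0x0*4\b", code)),
        # Every *.exe mentioned; the hollowing target (explorer.exe here) appears among them.
        "targets": sorted({m.lower() for m in re.findall(r"\b[\w-]+\.exe\b", code, re.IGNORECASE)}),
        # A PE stored as an AutoIt binary literal starts with the MZ magic: 0x4D5A...
        "embedded_pe": bool(re.search(r"(?i)0x4d5a[0-9a-f]{8,}", code)),
    }


def assess(script: str) -> dict:
    """Indicators plus a verdict: core API chain present and a suspended-creation flag."""
    report = find_hollowing_indicators(script)
    report["likely_hollowing"] = CORE_APIS.issubset(report["apis"]) and report["suspended_flag"]
    return report


def triage_file(path: str) -> dict:
    """Hash a local .au3 file, check it against this page, and assess its source."""
    with open(path, "rb") as fh:
        data = fh.read()
    report = assess(data.decode("utf-8", errors="replace"))
    report["hashes"] = compute_hashes(data)
    report["is_page_sample"] = report["hashes"] == PAGE_HASHES
    return report


# Constructed fixture (not the real sample): the DllCall chain a hollowing script needs,
# with undefined variables, so it is deliberately not runnable AutoIt.
SAMPLE_AU3 = r'''
; constructed illustration only
Global Const $CREATE_SUSPENDED = 0x00000004
Local $sTarget = @WindowsDir & "\explorer.exe"
Local $bPayload = Binary("0x4D5A90000300000004000000FFFF0000")
Local $aProc = DllCall("kernel32.dll", "bool", "CreateProcessW", "wstr", $sTarget, "ptr", 0, _
    "ptr", 0, "ptr", 0, "bool", False, "dword", $CREATE_SUSPENDED, "ptr", 0, "ptr", 0, _
    "ptr", $pStartup, "ptr", $pProcInfo)
DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "handle", $hProcess, "ptr", $pImageBase)
Local $aMem = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $hProcess, _
    "ptr", $pImageBase, "ulong_ptr", $iImageSize, "dword", 0x3000, "dword", 0x40)
DllCall("kernel32.dll", "bool", "WriteProcessMemory", "handle", $hProcess, "ptr", $aMem[0], _
    "ptr", $pBuf, "ulong_ptr", $iImageSize, "ulong_ptr*", 0)
DllCall("kernel32.dll", "bool", "GetThreadContext", "handle", $hThread, "ptr", $pContext)
DllCall("kernel32.dll", "bool", "SetThreadContext", "handle", $hThread, "ptr", $pContext)
DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $hThread)
'''

BENIGN_AU3 = 'MsgBox(0, "Hello", "This script only shows a dialog")\n'

if __name__ == "__main__":
    for name, text in (("constructed hollowing stub", SAMPLE_AU3), ("benign", BENIGN_AU3)):
        print(name, assess(text))
```

Run `triage_file("MTdYFp.au3")` on a downloaded copy: `is_page_sample` confirms the download against the published digests, and `likely_hollowing` only turns true when the full CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread chain appears together with a suspended-creation flag, so a script that merely mentions one of those names is not flagged. Scripts that build the API names or the payload at runtime (string concatenation, base64, encryption) will evade this static check and need a sandbox run instead.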

Intelligence


File Origin
# of uploads: 1
# of downloads: 112
Origin country: NL
Vendor Threat Intelligence

Vendor 1:
Verdict: No Threat
Threat level: 2/10
Confidence: 100%
Tags: masquerade

Vendor 2:
Verdict: MALICIOUS
Threat name: Binary.Trojan.Generic
Status: Suspicious
First seen: 2023-08-29 19:31:33 UTC
File Type: Binary
AV detection: 3 of 38 (7.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e (this sample)

Comments