MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DarkMe


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33
SHA3-384 hash: 2361171645162ca3c47e208b13ad27c3b1156c88f01fb66b6ff0b5ae7fbdd93dc98a3aaecb5b21b30ceb675757810f27
SHA1 hash: 8630c9b41dd998b7ec58117126653dc4d6ac6be8
MD5 hash: 839abe7006407891d3c6493d30fab68b
humanhash: nitrogen-montana-fruit-mountain
File name:srvrbia.exe
Download: download sample
Signature DarkMe
Create hunting rule
File size:86'016 bytes
First seen:2023-07-07 19:27:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3e847ec4ad926dd89c2f4cb28d036c11 (3 x DarkMe)
ssdeep 768:X0cBEDl8mtcoRPO+YuX1Ayf3EgkOqwLevxPIcvAkM8/eVnpc89dPdtWW96D//TR+:X0a0PO/Ujf3OnwevbVfo9dPdb96r/U6C
Threatray 15 similar samples on MalwareBazaar
TLSH T1E883192FF79149E2E6461A310AB5C2E95773BCA66FC7821F7640322D1C36EA20C4576F
TrID 70.2% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter ULTRAFRAUD
Tags:DarkMe exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
294
Origin country :
LU LU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
srvrbia.exe
Verdict:
Malicious activity
Analysis date:
2023-07-07 19:30:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/88d54903-984d-4277-b607-fc4fd15088d2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/411052/
Detection(s):
SecuriteInfo.com.Variant.Tedy.120724.16410.22704.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Tags:
greyware lolbin shell32
Link:
https://www.filescan.io/uploads/64a867442333b198b2393257/reports/5915df85-2bf3-452d-925d-bd6077448137/overview
Verdict:
Malicious
Labled as:
Tedy.Generic
Link:
https://www.hybrid-analysis.com/sample/555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f31f7eae-c21c-4593-a5fd-fe2cff114141
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33/
Threat name:
Win32.Trojan.Tedy
Create hunting rule
Status:
Malicious
First seen:
2023-07-07 19:28:05 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kvlcjpdleabe6vgcazovkl6y7vci3kudk6feok32emofrybhpuzq._file
Verdict:
malicious
Similar samples:
0a9c93af93718bab8e1d620b1dc4a727f77e9d7bc421ee9ccc59f5fe7f154837
DarkMe
1cd904a688c0d0f13f06c5c113ad638649ab10c1ed756dc65933f34bbf22014b
DarkMe
58d5286e5694f883d2452a81e5f6e77413292ba388300a6e44dd0f91e217aff1
DarkMe
6a91a4a5a664c0f29503d946eac14710ea3bb1008cc6796bc42ea27bde6ed08d
DarkMe
7042b9a81eaf1ddd3de522f40e80a915e0e44c6843320013daaa8ee2a842a9e2
DarkMe
719548921d3a99d8bf31d9c2d543803c0c39a620a8386f8ac557b7ebe5d024d2
DarkMe
9842d23cef4dc305ab6b8cd1ade477e1186d94cfd18861e1c87a55aff4d04c40
DarkMe
b0b430c82cc574323d38d65365540472f3f0e6133dcb36e20ee9fcf5483769fa
DarkMe
b7cfd1d0aad8b5d5db5c17da0519b1d18ec7663699f2b8fedd0628e2bfacb6e5
DarkMe
d206ae7aec2e852e05ca9728c22a17f426984c9dbac09cd61dcd187926bd2236
DarkMe
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230707-x6mxksah76/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33
MD5 hash:
839abe7006407891d3c6493d30fab68b
SHA1 hash:
8630c9b41dd998b7ec58117126653dc4d6ac6be8
Link:
https://www.unpac.me/results/52277cf5-7f8d-4a92-9d5e-17367868b149/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.61
Link:
https://yomi.yoroi.company/submissions/555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DarkMe

Executable exe 555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/411052/
  
URLhaus
https://urlhaus.abuse.ch/url/2678529/
  
Delivery method
Distributed via web download

Comments