MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55b4275af49cec66a8f4373a43d676e21824e9868b36b8eae3d036d821ec364f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55b4275af49cec66a8f4373a43d676e21824e9868b36b8eae3d036d821ec364f
SHA3-384 hash: 3533247bea6f4785a38d0bc65648a791183eaf857c3500cea2d7577cb375a27ca21d9f77f33d6b6fd56137f2883b725a
SHA1 hash: 1b8d0fd8c59bfaa77887ea743f21088e59302538
MD5 hash: 8ed0d88e9697b03b9cf3446158780d57
humanhash: low-friend-romeo-jersey
File name:8ed0d88e9697b03b9cf3446158780d57.exe
Download: download sample
File size:4'818'371 bytes
First seen:2020-12-14 19:50:46 UTC
Last seen:2020-12-14 21:41:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 08c12a4e8a6a5e4388e0bc669ebc661c (1 x Emotet)
ssdeep 98304:Cd2blwgwVt60tt2tX2trsikqhVDZNbgcNwjmk52Mt6Rq5WpnzsmJk96BS:CEZwgGtztt2tMDzBiikjt+pzg96BS
Threatray 39 similar samples on MalwareBazaar
TLSH FD2633D1A3E01AE9E4BED330895F9916D2B37C9003C5845B823437625EB3593793BF6A
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8ed0d88e9697b03b9cf3446158780d57.exe
Verdict:
No threats detected
Analysis date:
2020-12-14 19:53:13 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cf7aaf28-18a5-4774-9a58-cbccfbf2d976

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
PyInstaller
Create hunting rule
Link:
https://www.capesandbox.com/analysis/108031/
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.71644.11225.19236.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/562591
Signature
Antivirus / Scanner detection for submitted sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55b4275af49cec66a8f4373a43d676e21824e9868b36b8eae3d036d821ec364f/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-14 19:51:05 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0f4238a14d0c6dbd53c84513df03d0d3be5f8452aa858e2273788690fe7c59dc
11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65
13af08593a4bd73dfcf9620842e8c86b24d6e30a2afe5b17aee21274eaf8a8b3
314ce9b62cecb9435d9ff2338943e4e784cbfbaf9a65dbda7fe1064f477afe41
3aee007de2648d8a6c64bf1dfd6ed605bd380a22892e00b5c5d1e3643aebe71d
4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6
4ddfd623ef499cb59cd55be3a72e22acefb23488d1631692baaff001471b2bea
8d3c6da3f4d6513a1d38058a6cf6028e0c07210a5c0509f47150152362093636
b6bfb18cb265786cbf4373a6dc82d4b8ec586d90f6a6e2cc72a1a3d20b60dda9
f29a85a0a8d5c438141903be9402dfea15cc0eb89e356da5b53d31edfabed15e
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/201214-lqvqgv8m2j/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Unpacked files
SH256 hash:
55b4275af49cec66a8f4373a43d676e21824e9868b36b8eae3d036d821ec364f
MD5 hash:
8ed0d88e9697b03b9cf3446158780d57
SHA1 hash:
1b8d0fd8c59bfaa77887ea743f21088e59302538
Link:
https://www.unpac.me/results/c5f299a6-08b3-47ac-b4c0-b1f19c028007/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/55b4275af49cec66a8f4373a43d676e21824e9868b36b8eae3d036d821ec364f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PE_File_pyinstaller
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Description:Detect PE file produced by pyinstaller
Reference:https://isc.sans.edu/diary/21057
Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 55b4275af49cec66a8f4373a43d676e21824e9868b36b8eae3d036d821ec364f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/899467/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/108031/

Comments