MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5883a56aa62e997c5085b87bd041bf0e55cedbdffc8867d041bb1dd467365f0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 5883a56aa62e997c5085b87bd041bf0e55cedbdffc8867d041bb1dd467365f0b
SHA3-384 hash: 0abc6b4fe99dd9e68ed81895285236a8138c3d5d28ce785b89c77629bafcfb7751e7afc1c901090decf4c783aa6f4e66
SHA1 hash: 77dfb537a7b59498e74eb0e254632fed8be96a94
MD5 hash: 8491a14aac1ff6b00f0f97b19aa534f4
humanhash: lima-early-helium-early
File name: dad_.bin
File size: 106'496 bytes
First seen: 2022-07-17 15:50:29 UTC
Last seen: 2022-07-17 16:41:35 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash a50e815adb2cfe3e58d388c791946db8 (2 x njrat, 2 x DCRat, 1 x Lucifer)
ssdeep 3072:oVZ/VGS7rN+KpuQ39yw1z4NGATQ2AiVQout:oV28oKpuQNZ4NbTrAiioS
Threatray 159 similar samples on MalwareBazaar
TLSH T117A3028ADBCCA6E5F0A09071AC9F191A79D4C70933D1CA76FCD12B6F18E1D1A072539E
TrID 41.1% (.EXE) UPX compressed Win32 Executable (27066/9/6)
25.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
10.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter KdssSupport
Tags: exe


KdssSupport
Uploaded with API

Intelligence


File Origin
# of uploads :
2
# of downloads :
336
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
dadı.exe
Verdict:
Suspicious activity
Analysis date:
2022-07-17 11:51:33 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating synchronization primitives
Running batch commands
Creating a process with a hidden window
Creating a file
Creating a process from a recently created file
Changing a file
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad (evasive)
Score:
64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Renames powershell.exe to bypass HIPS
Behaviour
Behavior Graph ID: 667373
Sample: dad_.bin
Start date: 17/07/2022
Architecture: WINDOWS
Score: 64
Sample-level signatures:
  Antivirus / Scanner detection for submitted sample
  Multi AV Scanner detection for submitted file
  Machine Learning detection for sample
Process tree:
  dad_.exe (started)
    cmd.exe (started)
      dropped: C:\Users\user\Desktop\dad_.exe.exe, PE32+
      signature: Renames powershell.exe to bypass HIPS
      dad_.exe.exe (started)
        dropped: C:\Users\user\AppData\...\dad_.exe.exe.log, ASCII
      conhost.exe (started)
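The process tree above shows the pattern a detection engineer would want to catch: cmd.exe writes a PE32+ file to the Desktop and then starts it, and the sandbox flags that file as a renamed powershell.exe. Two cheap host-based checks cover this: compare the PE's embedded OriginalFileName with the on-disk image name, and correlate file-create events with process-create events for the same path. The Python below is an added example, not part of the MalwareBazaar page or of any vendor's report. The Sysmon-style events are constructed to mirror the tree above (real Sysmon EventID 1 and 11 records carry the fields used here), and the assumption that Windows PowerShell 5.1's powershell.exe carries OriginalFileName "PowerShell.EXE" in its version resource should be verified on a reference host before relying on it.

```python
import ntpath
from datetime import datetime, timedelta

# Constructed Sysmon events modelled on the sandbox process tree; not the sandbox's output.
# EventID 11 = FileCreate, EventID 1 = ProcessCreate. OriginalFileName "PowerShell.EXE"
# for Windows PowerShell 5.1 is an assumption (check a known-good binary on a reference host).
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2022-07-17 15:52:01.000",
     "Image": r"C:\Users\user\Desktop\dad_.exe", "OriginalFileName": "dad_.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "UtcTime": "2022-07-17 15:52:02.000",
     "Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "ParentImage": r"C:\Users\user\Desktop\dad_.exe"},
    {"EventID": 11, "UtcTime": "2022-07-17 15:52:03.000",
     "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\user\Desktop\dad_.exe.exe"},
    {"EventID": 1, "UtcTime": "2022-07-17 15:52:04.000",
     "Image": r"C:\Users\user\Desktop\dad_.exe.exe", "OriginalFileName": "PowerShell.EXE",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    # Benign control: the real powershell.exe started from its usual location.
    {"EventID": 1, "UtcTime": "2022-07-17 15:53:00.000",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "OriginalFileName": "PowerShell.EXE", "ParentImage": r"C:\Windows\explorer.exe"},
]

# On-disk names under which a PowerShell host binary is expected to run.
LEGIT_POWERSHELL_IMAGE_NAMES = {"powershell.exe", "powershell_ise.exe"}


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")


def is_renamed_powershell(event):
    """True when the version resource says PowerShell but the image file name does not."""
    if event.get("EventID") != 1:
        return False
    if event.get("OriginalFileName", "").lower() != "powershell.exe":
        return False
    # ntpath handles Windows separators regardless of the analyst's host OS.
    return ntpath.basename(event["Image"]).lower() not in LEGIT_POWERSHELL_IMAGE_NAMES


def find_execution_of_dropped_files(events, window=timedelta(minutes=5)):
    """Return (process-create, file-create) pairs where a file was written and then
    executed within `window`: the 'process from a recently created file' behaviour."""
    created = {}  # lower-cased path -> FileCreate event that wrote it
    hits = []
    for ev in sorted(events, key=lambda e: parse_time(e["UtcTime"])):
        if ev["EventID"] == 11:
            created[ev["TargetFilename"].lower()] = ev
        elif ev["EventID"] == 1:
            writer = created.get(ev["Image"].lower())
            if writer and parse_time(ev["UtcTime"]) - parse_time(writer["UtcTime"]) <= window:
                hits.append((ev, writer))
    return hits


def triage(events):
    renamed = [e["Image"] for e in events if is_renamed_powershell(e)]
    dropped = [(proc["Image"], writer["Image"])
               for proc, writer in find_execution_of_dropped_files(events)]
    return {"renamed_powershell": renamed, "executed_dropped": dropped}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(key, value)
```

The OriginalFileName check is what makes the rename visible: a copy of powershell.exe keeps its version resource, so the mismatch between "PowerShell.EXE" and "dad_.exe.exe" survives the rename while a command-line or image-path rule would miss it. The benign control event shows the rule stays quiet for the genuine binary.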
Threat name:
Win32.Trojan.Generic
Status:
Suspicious
First seen:
2022-07-17 15:51:10 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
20 of 39 (51.28%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SHA256 hash:
d42acf17c5abf5295eb0c307d38f00adb0ee06a80981b22012bd2a6b8a64d1ce
MD5 hash:
99c8e082f125e5a43d1968287bc242e5
SHA1 hash:
5c8cd526df5cad22421171d3e0d27beb756714ab
SHA256 hash:
5883a56aa62e997c5085b87bd041bf0e55cedbdffc8867d041bb1dd467365f0b
MD5 hash:
8491a14aac1ff6b00f0f97b19aa534f4
SHA1 hash:
77dfb537a7b59498e74eb0e254632fed8be96a94
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Executable exe 5883a56aa62e997c5085b87bd041bf0e55cedbdffc8867d041bb1dd467365f0b (this sample)

Comments