MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e
SHA3-384 hash: 87989befdaa1ab06ef6ed5540d9073d0668ee4abf6c0564954f9eed74eb15c9eea29b0d90b4721eee943b7b82427d1f2
SHA1 hash: f2c402f6430aecea4fb931e16eab0bd664563309
MD5 hash: f462ad2331be807a7173834af415f43a
humanhash: october-king-item-lion
File name:varr.exe
Download: download sample
File size:63'712 bytes
First seen:2024-05-11 18:36:50 UTC
Last seen:2024-05-11 19:26:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f08c95a0157fcde8e28230392c9d7abf
ssdeep 768:EpxOzuQKm3VHsSoYzqwKZeaSvAT7aPpQosDLgV:esuQKOsSnqwPcvWpQosgV
Threatray 29 similar samples on MalwareBazaar
TLSH T1AA5374D1BBD55CD6EE60637C61DAC221263CFEE08A534B0BA52027321B13FD52ED96C6
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter tina
Tags:exe varr.exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
474
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e.exe
Verdict:
Malicious activity
Analysis date:
2024-05-11 18:39:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7fa7a228-ae67-4010-abde-8883571f5e79

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.Win64.Krypt.11800.2926.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Running batch commands
Launching a process
Verdict:
No Threat
Threat level:
  2.5/10
Confidence:
100%
Tags:
anti-debug overlay
Link:
https://www.filescan.io/uploads/663fbacf11114a9ab5ea935c/reports/5c500778-5395-42ad-90ff-ff903037f0ef/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/4585b7a1-7a8f-4c43-87d2-5d1aa21609a1
Result
Threat name:
n/a
Detection:
malicious
Classification:
rans
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1440058
Signature
Modifies existing user documents (likely ransomware behavior)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1440058 Sample: varr.exe Startdate: 11/05/2024 Architecture: WINDOWS Score: 52 16 Multi AV Scanner detection for submitted file 2->16 7 varr.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 powershell.exe 11 9->13         started        signatures6 18 Modifies existing user documents (likely ransomware behavior) 13->18
Score:
9%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lhu457secha3lxgsetin3ib3zz76slhnagdaxm4fc5gfvlqrp47a._file
Verdict:
unknown
Similar samples:
0cc6d724ac017163b40866c820fd67df6ac89924a623490ec1de2ecacf1d0219
2cc48271c89fbe5dcd0af4aeb1302b9ecc3810cad890e5d2817d9b949449b026
59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e
8a9ad8b99cbfeda472193ab63a8f5857fb2659ef08343187569ceb0e4b8dbc13
9ddf7d7b6b8a159202e385f9b60ab88efd888f8f2db3daba205b0b33301572fa
+ 19 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240511-w9f3rsee44/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e
MD5 hash:
f462ad2331be807a7173834af415f43a
SHA1 hash:
f2c402f6430aecea4fb931e16eab0bd664563309
Link:
https://www.unpac.me/results/aff6cb49-bae6-4a48-bab2-7b698d1a8784/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/59e9cefe4411/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/59e9cefe4411c1b5dcd224d0dda03bce7fe92ced01860bb385174c5aae117f3e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryA

Comments