MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b42d340ded7e51020ee1df6e8253788a536f179bf4cdaa68816cf9aa84275a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA 2 File information Comments

SHA256 hash:	5b42d340ded7e51020ee1df6e8253788a536f179bf4cdaa68816cf9aa84275a7
SHA3-384 hash:	ac908fbb20aa1070a3d711629a1d1d74f48a520bacf72de9b98ba4f21b36b8c8904a7d9eb32184f37c7afdb2c0fa4a6f
SHA1 hash:	b03f3548510b74668dd455761c58597b62d679cd
MD5 hash:	f766bf428603a392918124d842cef1b4
humanhash:	lamp-grey-mountain-whiskey
File name:	f766bf428603a392918124d842cef1b4.bin
Download:	download sample
File size:	52'736 bytes
First seen:	2024-05-26 00:31:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	1536:474sumoZ8VjYY8FIBPk/JsQrcwyh4vOEDPHBhtk:XGjXM2uDBBhtk
TLSH	T100337C4636D09CB1D9E38072336A7F36B3BFE8720E255C03D33409C96A665E2D619E57
TrID	32.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 28.9% (.EXE) Win32 Executable (generic) (4504/4/1) 13.0% (.EXE) OS/2 Executable (generic) (2029/13) 12.8% (.EXE) Generic Win/DOS Executable (2002/3) 12.8% (.EXE) DOS Executable Generic (2000/1)
Reporter	tildedennis
Tags:	exe prg

tildedennis

prg version 1.0.6.20

Intelligence

File Origin

# of uploads :

# of downloads :

542

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

5b42d340ded7e51020ee1df6e8253788a536f179bf4cdaa68816cf9aa84275a7.exe

Verdict:

Malicious activity

Analysis date:

2024-05-26 00:36:12 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/535ba379-31ce-46ea-b858-c9e1d0ffe1f1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Win.Malware.Zbot-9756745-0

Win.Malware.Zbot-9951823-0

Win.Malware.Zbot-9969502-0

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6652831545e4ae4770390166win10vpnfull_triage

Tags:

Xpack

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

masquerade packed xpack

Link:

https://www.filescan.io/uploads/665283034d56d7d162873d8a/reports/e2330448-ad79-4b91-99b4-46f3f4d4fe13/overview

Verdict:

Malicious

Labled as:

Cerbu.Generic

Link:

https://www.hybrid-analysis.com/sample/5b42d340ded7e51020ee1df6e8253788a536f179bf4cdaa68816cf9aa84275a7

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/11c9e273-5a4d-4f66-a238-26def3b5dad7

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1447602

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/5b42d340ded7e51020ee1df6e8253788a536f179bf4cdaa68816cf9aa84275a7

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5b42d340ded7e51020ee1df6e8253788a536f179bf4cdaa68816cf9aa84275a7/

Threat name:

Win32.Trojan.Zeus

Status:

Malicious

First seen:

2024-05-20 23:56:00 UTC

File Type:

PE (Exe)

AV detection:

22 of 24 (91.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lnbngqg627sraihodx3oqjjxrcstn4lzx5gnvjuic3hzvkccowtq._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240526-avl5ksgb4t/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/7195399a-9092-43d2-be5a-76e46d8ed7ee

Unpacked files

SH256 hash:

5b42d340ded7e51020ee1df6e8253788a536f179bf4cdaa68816cf9aa84275a7

MD5 hash:

f766bf428603a392918124d842cef1b4

SHA1 hash:

b03f3548510b74668dd455761c58597b62d679cd

Link:

https://www.unpac.me/results/7633020b-b5bb-481d-aed3-d1121dfed836/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.34

Link:

https://yomi.yoroi.company/submissions/5b42d340ded7e51020ee1df6e8253788a536f179bf4cdaa68816cf9aa84275a7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	zbot Create hunting rule
Author:	malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/prg/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample