MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b721820c546923afc2b8c1030d1b0d28316295c2fe9b5debb438c7abd5d8b7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b721820c546923afc2b8c1030d1b0d28316295c2fe9b5debb438c7abd5d8b7c
SHA3-384 hash: ed4528b3a62a6a01351ddeb242ebf20fc97e86a926df1ab20da71af99f7750d870cb6898b6f6f3cfdfcba42903176533
SHA1 hash: d5cad243fa2067679830ee5f48dabccb75d64f6d
MD5 hash: 25734fa2832bd67bf2499caed8cc6f99
humanhash: edward-six-fourteen-bluebird
File name:25734fa2832bd67bf2499caed8cc6f99.exe
Download: download sample
File size:987'488 bytes
First seen:2021-06-08 19:29:56 UTC
Last seen:2021-06-08 21:20:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 44e7313214ce4e94380708f576c657ac (1 x AveMariaRAT, 1 x RemcosRAT, 1 x Formbook)
ssdeep 12288:AesfulGnsITxBM7YebagaQ5V0fZOX7miG8XjHn+D2vWbP8tqX0uNb+T0HXX+jBnN:AepGLM7Yebb5CEZPi0WPCq/XQBmEGG
Threatray 118 similar samples on MalwareBazaar
TLSH A2259F1AB3528832D96717BD8C0BA7A4653ABE413A54EC4E27B03D4D7E357D03E1A09F
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://veronika.ac.ug/cc.exe
Verdict:
Suspicious activity
Analysis date:
2021-06-08 23:19:06 UTC
Tags:
installer
Link:
https://app.any.run/tasks/df59e928-7fe0-41ac-b510-2ebc7c4573d1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/165463/
Detection(s):
PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
DNS request
Sending a custom TCP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/799138
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b721820c546923afc2b8c1030d1b0d28316295c2fe9b5debb438c7abd5d8b7c/
Threat name:
Win32.Infostealer.BestaFera
Create hunting rule
Status:
Malicious
First seen:
2021-06-08 19:30:16 UTC
AV detection:
22 of 47 (46.81%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
6030974a1832e7d2b3200be230f610a2ef0b18220b4beedb28f6e35ceb048e4c
76dd27ef96d337d45cfbc7585846d998f6b0f0a3c89255a9329862877432e098
770239e721583e7852323517a01a9bc5ec4922e612104b48ae79ae442c0c697f
85adf569d259dc53c5099fea6e90ff3a614a406b4308ebdf9f40e8bed151f526
8b1c960881fc789460b5b274abd43baddb1c92e1a942d3a1080a4adb1f545e50
a9b0a14beac57ba149a978c8f0996a4f4e70e003b80c67e631947c9dc3590154
ab893fbabe7b944a559507848df6549660cfb33de9d4b0da6d645690981c662a
b63a672f485defdec1774da3ab65fa6e8ec2525d3740dd1ba79c28d0945aa04d
c82dd434a7155fad9cf5bb5b4cec7a4ba2bdb6745def7e207188031bf26fec8a
efe7085d016f39d6e180df2cf41e774b28e64b3e1847b5e69386ef068bea5f20
+ 108 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210608-c1xa4ns466/
Unpacked files
SH256 hash:
5381c6276fc0f552d71efe7fb4d43a9e1a1e776c4cb7a572f72207b777ff2a32
MD5 hash:
3e9b080fb62948db627a904b7af653ea
SHA1 hash:
93a66126bdeb846724b41d44c6a7cac15c5ed636
Link:
https://www.unpac.me/results/b2856067-039e-44ab-a593-84d48b5f64ae/
SH256 hash:
5b721820c546923afc2b8c1030d1b0d28316295c2fe9b5debb438c7abd5d8b7c
MD5 hash:
25734fa2832bd67bf2499caed8cc6f99
SHA1 hash:
d5cad243fa2067679830ee5f48dabccb75d64f6d
Link:
https://www.unpac.me/results/b2856067-039e-44ab-a593-84d48b5f64ae/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5b721820c546923afc2b8c1030d1b0d28316295c2fe9b5debb438c7abd5d8b7c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5b721820c546923afc2b8c1030d1b0d28316295c2fe9b5debb438c7abd5d8b7c

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/165463/
  
URLhaus
https://urlhaus.abuse.ch/url/1323058/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1323338/

Comments