MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312
SHA3-384 hash:	c8140c2ed1801161c892baa28284ec96a33b0261f7e48d7a7f1f47e66b377b33662bc31b0f0878f3c20f36eb1fde6661
SHA1 hash:	709dcf09e33a128d0eee3bdbd03c99614f37e035
MD5 hash:	db742062ddf8dddd7521e31da16004de
humanhash:	mango-jig-black-william
File name:	SecuriteInfo.com.FileRepMalware.7137.26178
Download:	download sample
File size:	156'975 bytes
First seen:	2024-04-28 23:26:15 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bcf839cc283f092a6aaf13cb38699669
ssdeep	1536:ee2ywxNXxKSQBo/4+tVdUBj4pdWJ99sv7nyi95Br8zwv6jymsDahH9ShBo:eeexWBXMW4S99Ynn77iQ09ShBo
Threatray	173 similar samples on MalwareBazaar
TLSH	T1E5E31AD121D44C9BEFA4637C86D6C222773CB6D087A78743897069369E13FC16EC27A6
TrID	51.0% (.EXE) UPX compressed Win64 Executable (70117/5/12) 19.7% (.EXE) UPX compressed Win32 Executable (27066/9/6) 12.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 7.6% (.EXE) Win64 Executable (generic) (10523/12/4) 3.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

518

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312.exe

Verdict:

Malicious activity

Analysis date:

2024-04-28 23:26:51 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/d8f98d3b-e7e7-43ac-8331-eaf034af4247

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug overlay packed packed

Link:

https://www.filescan.io/uploads/662edb4714fabb16f4034b4c/reports/1027a9dc-58c1-4dbb-83f8-76f17814278a/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/0f90aea0-93bd-418d-9dfd-2cf822c13e6b

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1433040

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Opens the same file many times (likely Sandbox evasion)

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-05-19 17:28:47 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

17 of 38 (44.74%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=l266iu2zvqfcsmmlx4ktentya2tcdh5otikqqjzimlwmu567emja._file

Verdict:

malicious

24cf5566094b9c99b75303995b503b3285531d1313658f318a931424c9ef46d3

359f9ca568b7525fa41e8ce63450ef4fe1f5c4ba5a334d1473ef93867b21f8a5

4c0003c3a45e94129cd5b6771200feebc7c4f53f0d5b110276d8dc7ae29c9e8c

5d48f8503446780ca198fb5a5c7ccebc7a8ca729f9a0cad78a2fc5f381500d13

5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312

65ccbd63fbe96ea8830396c575926af476c06352bb88f9c22f90de7bb85366a3

ee08608492383853c0cf59e355f9721f413d83f18d3e4a2c344f5b90407caf4a

+ 163 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

upx

Link:

https://tria.ge/reports/240428-3fefeabh34/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

UPX packed file

Unpacked files

SH256 hash:

e03414af99b50f1f3e50f606fb1ab588358fa536daa254820c5cc8911bc64ec8

MD5 hash:

4689fdfa1710abb489c430c17ff3c19b

SHA1 hash:

00c0c6227189760ceda615ad6c4667830de6ea6f

Link:

https://www.unpac.me/results/6bb18dc5-0892-40b8-9dad-9130f5666404/

SH256 hash:

5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312

MD5 hash:

db742062ddf8dddd7521e31da16004de

SHA1 hash:

709dcf09e33a128d0eee3bdbd03c99614f37e035

Link:

https://www.unpac.me/results/6bb18dc5-0892-40b8-9dad-9130f5666404/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample