MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 613baba21b6553b4d7f93867ff51f9d9b0ae6247b6ee20b6a717798b221cf112. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 613baba21b6553b4d7f93867ff51f9d9b0ae6247b6ee20b6a717798b221cf112
SHA3-384 hash: 63666caa29218a757e010ddba8f7e597ca312b44bf8a2f141990aa8d1196ceb6a26965d56d94d6bcfb8f19a1952d5c92
SHA1 hash: 7f2dfe637b98affcb202732f518135ac724a8c91
MD5 hash: 2e0536d1276836fac3ed7eb664148319
humanhash: skylark-zulu-william-november
File name:2e0536d1276836fac3ed7eb664148319
Download: download sample
File size:57'344 bytes
First seen:2021-08-07 21:18:36 UTC
Last seen:2021-08-07 22:12:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash de794eaa348bcab90828044bdaf70bdd
ssdeep 768:x2eCAiEfQXNua61pTUPIA7KfF3k92z27GEieel2:6Ai/ua61pTaKewq6Ecl2
Threatray 3 similar samples on MalwareBazaar
TLSH T157437C137993C037D8A241B2797A4E5AA77EB630076096D7A7941F0E2DB05F2DE3A303
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2e0536d1276836fac3ed7eb664148319
Verdict:
Suspicious activity
Analysis date:
2021-08-07 21:20:02 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/19c2acdb-e4c1-4ca1-bf90-157b5346e3c3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/177193/
Detection(s):
SecuriteInfo.com.Variant.Midie.95922.6911.2197.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4508939e-3b59-4a61-a23f-6759a21e43e6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/828691
Signature
Creates processes via WMI
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/613baba21b6553b4d7f93867ff51f9d9b0ae6247b6ee20b6a717798b221cf112/
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2021-08-05 12:50:20 UTC
AV detection:
16 of 46 (34.78%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
3221c7c857b80fab3818cf1ea9435cef9626d84bd308d7a365e4e5089e5ef413
b3a8286a131214d6ea89a1ecd19b52fff3f5abc01968f2fd99df48bec9b99817
fdcfcab9289bcfc6ae67590a2995a8a5fedb19338d9eeac1ddf61acefbd36e56
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210807-xq4lep7zza/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Process spawned unexpected child process
Unpacked files
SH256 hash:
613baba21b6553b4d7f93867ff51f9d9b0ae6247b6ee20b6a717798b221cf112
MD5 hash:
2e0536d1276836fac3ed7eb664148319
SHA1 hash:
7f2dfe637b98affcb202732f518135ac724a8c91
Link:
https://www.unpac.me/results/c144dd43-76da-4e02-9e93-ee34c7d0e565/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/613baba21b6553b4d7f93867ff51f9d9b0ae6247b6ee20b6a717798b221cf112

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 613baba21b6553b4d7f93867ff51f9d9b0ae6247b6ee20b6a717798b221cf112

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1439538/
Cape
Cape
https://www.capesandbox.com/analysis/177193/

Comments


Avatar
zbet commented on 2021-08-07 21:18:37 UTC

url : hxxps://a.goatagame.com/userf/2201/goodnews.exe