MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 625b414a29d10b09d84a02f01c2875db8bfdc3bb37963b738be8d2ff7663ba82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 625b414a29d10b09d84a02f01c2875db8bfdc3bb37963b738be8d2ff7663ba82
SHA3-384 hash: abf7d54291d1aa7b16b6be044fd682fc4b7091f29f85814ef71e95ef8b1ac550dfa651420fbd5c3014679bcd964cfd2f
SHA1 hash: 64b50cba58361ded8baf56d3f2b6ee99bc1933eb
MD5 hash: cbf2145ebbec19031edc4a234e0f75ee
humanhash: six-wyoming-uniform-india
File name:MAD.exe
Download: download sample
File size:27'136 bytes
First seen:2022-04-22 05:33:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/octet-stream
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:bd5u7mNGtyVf7AsQGPL4vzZq2o9W7GsxBbPr:bd5z/fcvGCq2iW7z
TLSH T1E3C2D073CE8084FFC0CB3432208522DB9B575A72656A7867A750981E7CBCDE0EA76753
Reporter adm1n_usa32
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
218
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/265623/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Win.Trojan.Generic-9802373-0
Create hunting rule

Win.Malware.Cerbu-9804996-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Changing an executable file
DNS request
Sending an HTTP POST request
Modifying an executable file
Searching for the window
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Query of malicious DNS domain
Infecting executable files
Sending an HTTP GET request to an infection source
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/62623e52ffe27d51192c07ad/reports/5b27c623-4bda-4ff6-884a-1c60df3e0e6e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b71eb752-2855-4fc9-bfc4-33257b2a19c5
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spre.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/981122
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/625b414a29d10b09d84a02f01c2875db8bfdc3bb37963b738be8d2ff7663ba82/
Threat name:
Win32.Virus.Wapomi
Create hunting rule
Status:
Malicious
First seen:
2022-04-12 22:52:09 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
25 of 26 (96.15%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  8/10
Tags:
aspackv2
Link:
https://tria.ge/reports/220422-f9fh8sahf7/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Checks computer location settings
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Unpacked files
SH256 hash:
1a9be5971a2442360c297c93b22af6927cc94962a60ecd9e7d03f83b526f66dd
MD5 hash:
038044ac0b70f1d1de61a6366b7f6982
SHA1 hash:
f0b05b0ca8dec77c14c5a59342f322d0b3dc4832
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/98bd7159-b55d-46fa-a0fd-3c5b65811b6e/
SH256 hash:
625b414a29d10b09d84a02f01c2875db8bfdc3bb37963b738be8d2ff7663ba82
MD5 hash:
cbf2145ebbec19031edc4a234e0f75ee
SHA1 hash:
64b50cba58361ded8baf56d3f2b6ee99bc1933eb
Link:
https://www.unpac.me/results/98bd7159-b55d-46fa-a0fd-3c5b65811b6e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/625b414a29d10b09d84a02f01c2875db8bfdc3bb37963b738be8d2ff7663ba82

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/265623/

Comments