MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 6

SHA256 hash: 655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5
SHA3-384 hash: 0e0a1b473a63cb4efe7841026e6af4587b36153912eff50ffc74d5202df47ecd568b63e29f79a6610428f42c08dae32c
SHA1 hash: 401d3336eb33cf82eecb5df5c2ac6d5f7f78aa26
MD5 hash: 8f7205aaf80ce4b5d0ee8f00369f301a
humanhash: high-kilo-montana-dakota
File name: qaz.exe
File size: 500'736 bytes
First seen: 2021-07-21 06:33:26 UTC
Last seen: 2021-12-30 13:36:34 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 79f7eb84a187c95b4137ba025d4894bc
ssdeep: 12288:747jVWnPp3kS+U8u40Rqk84MjKZ5x88tb:+IpIU8ut3MKZ5xP
Threatray: 1 similar sample on MalwareBazaar
TLSH: T113B45911BB91C076C26231754E5AE3B46AB9BC715E35468B77DC2F3E1F302D29A3930A
Reporter: r3dbU7z
Tags: exe

Intelligence

File Origin
# of uploads: 3
# of downloads: 105
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: qaz.exe
Verdict: Suspicious activity
Analysis date: 2021-07-21 06:36:59 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Sysinternals
Verdict: Suspicious

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (graph image; recoverable details only): ID 451763; sample qaz.exe; start date 21/07/2021; architecture WINDOWS; score 48; signature "Multi AV Scanner detection for submitted file"; process tree of several iexplore.exe instances, each spawning further iexplore.exe children and other processes; network contacts to update.centosupdates.com (107.191.61.40, ports 49739, 49740, 49743; AS-CHOOPAUS, United States) and 192.168.2.1.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-07-21 06:34:06 UTC
AV detection: 3 of 46 (6.52%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5
MD5 hash: 8f7205aaf80ce4b5d0ee8f00369f301a
SHA1 hash: 401d3336eb33cf82eecb5df5c2ac6d5f7f78aa26
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
