MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 678f361d622c482253df9b834e978f8f3ca254fc5549381817dc75431005a047. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 678f361d622c482253df9b834e978f8f3ca254fc5549381817dc75431005a047
SHA3-384 hash: 903d62295751f85681a49661a10430c919e1e96bd523b58c0577096f7da06c15ec9a88204f8d7ad6e953f99108e5a8a4
SHA1 hash: bf83552fff44eb5e8c21ab9f3b661b744d2eda6c
MD5 hash: 32b935362095a384f25c4a076754092e
humanhash: uniform-fourteen-artist-avocado
File name:file.ex#
Download: download sample
File size:78'848 bytes
First seen:2022-10-18 12:08:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 16c6bf6371f9e8dfe90c401e12dcd31f
ssdeep 1536:XRQG8Vy24Fr8WLmhZNHB55shjkhtaJYPgZ9e0aU:XRQJy24Fr8WLmZD6mh6YPgZA3
Threatray 2'830 similar samples on MalwareBazaar
TLSH T174735B1B765540FCC0ABE17CD5876A42E3B5784A03129BCF03A0496B1F573E1AF7EA61
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter 500mk500
Tags:consulting-ukraine[.]tk exe


Avatar
500mk500
consulting-ukraine[.]tk
ukrsupport[.]info

Ref: https://www.virustotal.com/gui/ip-address/79.137.196.4/relations

Intelligence

File Origin
# of uploads :
1
# of downloads :
277
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
678f361d622c482253df9b834e978f8f3ca254fc5549381817dc75431005a047.zip
Verdict:
No threats detected
Analysis date:
2022-10-18 16:12:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/da8691f5-c5e3-4551-8184-626aaee7d71b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/321385/
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.19170.16166.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the system32 subdirectories
Creating a file
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/43630/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/634e975f66721ebd9b2effa3/reports/cc2a07e8-3fb7-4422-9b5a-345a6b1cdd13/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/62aeb875-9c8f-4665-af09-26312e3ecec3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/678f361d622c482253df9b834e978f8f3ca254fc5549381817dc75431005a047/
Threat name:
Win64.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2022-10-18 12:09:07 UTC
File Type:
PE+ (Exe)
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m6htmhlcfreceu67tobu5f4pr46kevh4kvetqgax3r2ugeafubdq._file
Verdict:
unknown
Similar samples:
273ad5a2b3f62bd80b72a345fc153d30f3852301ed8d60ad40584086d7ee7735
2eafbf195ee3064026099a6f5f6c78aaaae170c9fb81a5f49f501bf0f061cfd4
39908c43e4124d6fd3362a5cf04cfbc4ac601ee35faf84a21c7979fdf74f05a6
6d6ebf1870d5d9c6bfebdc9fee3a3f381f86b32770f34df41364f905a489486c
8f6e203a52757cdb71ffbf15b696f0518f17862579863e139af08fafe1e1feb6
948eced5fa27e7fc39b404778a20a98d2614158f4f54f1d151de933066045b10
e0ba9bc255356e77c0953b12176294874fedc482796db4c2a3e8e23e1085ae0e
e1dcadc94c7659b12eca375e35858bf68ea02a626078dd5e41eb9bede572417c
+ 2'820 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221018-pbfk1sfga7/
Behaviour
Enumerates processes with tasklist
Gathers system information
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Verdict:
Informative
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/59b3de26-bf8f-49f2-b7e1-4b3067934a2a
Unpacked files
SH256 hash:
678f361d622c482253df9b834e978f8f3ca254fc5549381817dc75431005a047
MD5 hash:
32b935362095a384f25c4a076754092e
SHA1 hash:
bf83552fff44eb5e8c21ab9f3b661b744d2eda6c
Link:
https://www.unpac.me/results/ce5acc0d-f0e1-4e68-ac3f-10cf013e3d94/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/678f361d622c482253df9b834e978f8f3ca254fc5549381817dc75431005a047

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 678f361d622c482253df9b834e978f8f3ca254fc5549381817dc75431005a047

(this sample)

  
X
https://twitter.com/500mk500/status/1582340456951975936
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/321385/

Comments