MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b8db690c42dd36a718e9265d3aff27ef22e4c3cfcc686f075935f25540b2256. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Phorpiex

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	6b8db690c42dd36a718e9265d3aff27ef22e4c3cfcc686f075935f25540b2256
SHA3-384 hash:	76820a98e60fa6cc373a83336c612ecd8bbdeeb514958557fec4b15ec23dbb810ca581605db6a4c06734e0f856f71b30
SHA1 hash:	2c53c0bbb5c293757517c456acee58083fc62b35
MD5 hash:	ebfab722316e215e608ad6bdc9343ac0
humanhash:	mockingbird-wisconsin-timing-quiet
File name:	ebfab722316e215e608ad6bdc9343ac0.exe
Download:	download sample
Signature	Phorpiex Create hunting rule
File size:	1'975'288 bytes
First seen:	2020-12-01 08:57:02 UTC
Last seen:	2020-12-01 11:07:01 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7d3cfbd68338c88a0820bb90e7839066 (1 x Phorpiex)
ssdeep	49152:lHpHzyQndejfgDUk9PDF8VPa3uzaQPycDn7exArOVTDE/:l5+QnfPhDuZa30JuArj/
Threatray	10 similar samples on MalwareBazaar
TLSH	A9950232A5A08033D6F105B3F824D6207D7DA2187F1585ABD3949E1D3EB89E666FB343
Reporter	abuse_ch
Tags:	exe Phorpiex

Intelligence

File Origin

# of uploads :

# of downloads :

164

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/106187/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.36265.23482.17511.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

DNS request

Creating a file in the %temp% directory

Connection attempt to an infection source

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/551974

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6b8db690c42dd36a718e9265d3aff27ef22e4c3cfcc686f075935f25540b2256/

Threat name:

Win32.Downloader.SmallAgent

Status:

Malicious

First seen:

2020-11-20 23:27:17 UTC

AV detection:

21 of 29 (72.41%)

Threat level:

3/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=nog3negefxjwu4mosjs5hl7sp3zc4tb47tdin4dvsnpskvalejla._file

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/201201-s17zddv4m2/

Unpacked files

SH256 hash:

6b8db690c42dd36a718e9265d3aff27ef22e4c3cfcc686f075935f25540b2256

MD5 hash:

ebfab722316e215e608ad6bdc9343ac0

SHA1 hash:

2c53c0bbb5c293757517c456acee58083fc62b35

Link:

https://www.unpac.me/results/08705b32-8971-4fed-96ea-8db6c4608373/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Eldorado

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/6b8db690c42dd36a718e9265d3aff27ef22e4c3cfcc686f075935f25540b2256

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/106187/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample