MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bf4aa5973b22b23ffac41a15b042a8dc26758fedfb2b44c8ef89a1bca3715a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6bf4aa5973b22b23ffac41a15b042a8dc26758fedfb2b44c8ef89a1bca3715a9
SHA3-384 hash: 278ea21518279cb3f255e67bcf9514940cef9bf3f41f947c4210bca81348aa7398b9de86b88b18a9cc2aae644e80c9f5
SHA1 hash: eabd75ca7e2b29e37c0048947f565ac314a1b001
MD5 hash: 026cc995b5afa23be9d0559467a8a48e
humanhash: orange-football-music-queen
File name:026cc995b5afa23be9d0559467a8a48e.exe
Download: download sample
File size:3'830'272 bytes
First seen:2022-12-20 09:56:13 UTC
Last seen:2022-12-20 11:32:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a87249494f440c44c0c721795a1f3fa7
ssdeep 98304:c5gCH8nU0zmJZKK+zROylwTA+YqofygQ:cD8nTS9+zR3Gmj6
Threatray 7 similar samples on MalwareBazaar
TLSH T1AE0612FD6298375CC42F8C289533EC48B1B6562F4AE5C5BA75DFBAC03B6A410E582F05
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
026cc995b5afa23be9d0559467a8a48e.exe
Verdict:
Malicious activity
Analysis date:
2022-12-20 09:56:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/71991428-90d1-4878-94c9-0916f75d85ab

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/348305/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.64382176.9840.32371.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/6efbd2d3-38d9-495f-866e-b54e06b1fc37
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1137825
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect virtualization through RDTSC time measurements
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6bf4aa5973b22b23ffac41a15b042a8dc26758fedfb2b44c8ef89a1bca3715a9/
Threat name:
Win64.Trojan.Tasker
Create hunting rule
Status:
Malicious
First seen:
2022-12-19 18:13:54 UTC
File Type:
PE+ (Exe)
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=np2kuwltwivsh75migqvwbbkrxbgowh636zliteo7cnbxsrxcwuq._file
Verdict:
malicious
Similar samples:
45e264174085fe4052bcc560146f46d439eb08ef947dfae39b24c722f1c2dc10
77cda0e40715ba31b558029eb58ca2684a265d684d23aa6993ce1faee2534842
9f20dcac19fb7fe1b341d073280ccd40ecb48b2abe2853c63e6caa0b332ed59a
c96595844ec5098914582c82310207e1409dc6f3935d2372275d7fc63c9fca5f
cde771e7d78eb5d2c0f51e96b1b8b6dcc157fd4439434c5ba0ed8b7af90d1988
d3b87ec103a87ec23a322592a754d114500a0863d7536dc4b105d2671ac453be
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/221220-lyxw2ahb95/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Modifies file permissions
Executes dropped EXE
Verdict:
Informative
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/8c5552ef-0e21-40f1-b1ca-15db653db4a6
Unpacked files
SH256 hash:
6bf4aa5973b22b23ffac41a15b042a8dc26758fedfb2b44c8ef89a1bca3715a9
MD5 hash:
026cc995b5afa23be9d0559467a8a48e
SHA1 hash:
eabd75ca7e2b29e37c0048947f565ac314a1b001
Link:
https://www.unpac.me/results/b64a8567-4f5a-4830-84aa-f6ca47dc8589/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6bf4aa5973b22b23ffac41a15b042a8dc26758fedfb2b44c8ef89a1bca3715a9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6bf4aa5973b22b23ffac41a15b042a8dc26758fedfb2b44c8ef89a1bca3715a9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2469977/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/348305/

Comments