MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d0c8b1c8079ad4db2e523bdde3d9fed95003c5aa19073bceddb7b3375bfc6d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d0c8b1c8079ad4db2e523bdde3d9fed95003c5aa19073bceddb7b3375bfc6d2
SHA3-384 hash: 2289036de749d85badbd04534313fbd3248f2d147e8c89af4b85e7637da9eb9684eac2732283d8cfd37da867902e98e2
SHA1 hash: c07eb37c1b11d6f037cb0facde6bb6b8d7a3b6d6
MD5 hash: dd76d5276a9ce3d9572f16ae76456c8c
humanhash: violet-hamper-august-nuts
File name:ORDER_2021.exe
Download: download sample
File size:204'800 bytes
First seen:2021-05-17 05:17:20 UTC
Last seen:2021-05-17 05:44:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e5eb49e3354241ad00a42b392681b7c7 (1 x GuLoader)
ssdeep 1536:eV1pUaux9GmKBPj6RrneCVn0H9DG6IXFbjNZhU5BLdYTjl3I87B:eHaa2oMreAn0I6IX1BAqX
Threatray 1'395 similar samples on MalwareBazaar
TLSH 8014E7563E54F831F55689BD5A10537E24B7FCB0149D640FC2033A3DAEB43E9AA28E4B
Reporter GovCERT_CH

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ORDER_2021.exe
Verdict:
No threats detected
Analysis date:
2021-05-17 05:19:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e819bdc5-134b-43b8-ab2f-40a6f7aabc33

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/783285
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d0c8b1c8079ad4db2e523bdde3d9fed95003c5aa19073bceddb7b3375bfc6d2/
Threat name:
Win32.Worm.Wbvb
Create hunting rule
Status:
Malicious
First seen:
2021-05-17 05:18:10 UTC
AV detection:
11 of 47 (23.40%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nugiwheapgwu3mxfeo654pm75wkqapc2ugihhphn3n5tg5n7y3ja._file
Verdict:
suspicious
Similar samples:
12e42bff4fa377032623342ac1f23a5c87225a40ef8b900cbb06ae4bd203864d
184676b18d687073308c791c9145f0b0c8bc6a75fd4ed7aff7803381701c06f0
22b13820a6139c7682d5e1108aefde2200dc593e14fe7fca28eb27d5e616bef7
34a666042ff3ad45f4e1e37776cc55d4f4fdd1bcd8233852839d55fc076410d1
39874f3eb3d660ef8af1c02af08ddfa4d3dc14aedf2c216e3e1f8639813bf2e1
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
6147decc439b9d258f5b19f77dfa47ea441e681c49e0b699533eea18104f4092
c3ca97abe1f0584928691bf13d02b25a4e20288a2477e466d67000c0bbe04df3
c63a3f86be406a11e8f7760403e407a97441753205f8cef432fd634856ca2992
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
+ 1'385 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210517-x2lnjqpnna/
Behaviour
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6d0c8b1c8079ad4db2e523bdde3d9fed95003c5aa19073bceddb7b3375bfc6d2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 6d0c8b1c8079ad4db2e523bdde3d9fed95003c5aa19073bceddb7b3375bfc6d2

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-17 05:59:58 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0019] Data Micro-objective::Check String