MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d5a0cabd7fe5be134e8c2e1e509af2ffcdfc7e2f4009a94880fcca080874d9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d5a0cabd7fe5be134e8c2e1e509af2ffcdfc7e2f4009a94880fcca080874d9d
SHA3-384 hash: 86fc0e6bd43c729fdd878402e7f914f96d9fc5cab76ffc043027e9a4716b2f1ec8deebfe957d7979a1ae88913527567a
SHA1 hash: e9a1cb0501180735ed8d294c5ae346300452b544
MD5 hash: 7d9e115f69a5aa82fc3ebbb01d378b56
humanhash: alaska-moon-yankee-eighteen
File name:7d9e115f69a5aa82fc3ebbb01d378b56.exe
Download: download sample
File size:3'871'636 bytes
First seen:2021-02-11 08:16:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash be41bf7b8cc010b614bd36bbca606973 (195 x LummaStealer, 126 x DanaBot, 63 x Vidar)
ssdeep 98304:GQD46Y6tyy3zULt7XhliF2t5qLL4xJvQyNIIB4:GQD1b8yCpXhlibOFC+4
Threatray 36 similar samples on MalwareBazaar
TLSH 3F0633939F81CA50E6872C735D79374EFB7EB89301918DC7D7896FA89D230066623392
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116705/
Detection(s):
SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
6 / 100
Link:
https://www.joesandbox.com/analysis/605481
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d5a0cabd7fe5be134e8c2e1e509af2ffcdfc7e2f4009a94880fcca080874d9d/
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2021-02-11 09:09:23 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
23b038034753de2b160a1039ad4f724f0cb75d57d0f73af56d592850c82a20cb
311a51eef668a68b50238afa2b983f99d8c92149493a63a9aaf64205cee2267b
50291fb5edd36f2d5a467e0beed36433f35a118e220984afb775924135a62e20
5c7291c8c0c9aae91453faabe543abd6da50a2600ba74cd9fd1faa18a939cd4b
8e76055823664f0cabcd8fdd17ccdef01f0dcc584346b59d8c0dfbfefa547ab2
a60bca7fe5f791929252f0ecb6f3bc54f0e29805cd7f4b0cad671c9fd0d23a12
bc72fe3773c493bad93eb42d13397d7c6a5e910f1c964d274cd728326a4a1ed7
c6fabe2e224e7c72496f3fbd3241ee6aeef85ee68611c1b0e518cb420cfa2459
eddc999a7e76c2af01abaa813a903686f6f5b7ff94a7587c071bf2d2243b5239
+ 26 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210211-1dw195sd6s/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
Unpacked files
SH256 hash:
6d5a0cabd7fe5be134e8c2e1e509af2ffcdfc7e2f4009a94880fcca080874d9d
MD5 hash:
7d9e115f69a5aa82fc3ebbb01d378b56
SHA1 hash:
e9a1cb0501180735ed8d294c5ae346300452b544
Link:
https://www.unpac.me/results/15506383-374c-4de3-9112-a05ce00372ce/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6d5a0cabd7fe5be134e8c2e1e509af2ffcdfc7e2f4009a94880fcca080874d9d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6d5a0cabd7fe5be134e8c2e1e509af2ffcdfc7e2f4009a94880fcca080874d9d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/998482/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/116705/

Comments