MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e3135f2b19b776522d8ea589f676d6b707eeaf112c77d88923caf15bf98eff5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e3135f2b19b776522d8ea589f676d6b707eeaf112c77d88923caf15bf98eff5
SHA3-384 hash: 2ba172520c7b7587e59c07898cfac12d6306d540ee5cc53a2c70d4614d56c49c53374f469e5d067b475c464c7c8d9368
SHA1 hash: 00b540206eb84510c6f83214cc36cb4feae98350
MD5 hash: 3b8579aeb36281078f0a9a3834d4ac2a
humanhash: nuts-queen-double-cold
File name:3b8579aeb36281078f0a9a3834d4ac2a.exe
Download: download sample
File size:882'880 bytes
First seen:2021-01-09 18:29:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 578738b5c4621e1bf95fce0a570a7cfc (1 x BazaLoader)
ssdeep 24576:HJJ+g7E7u+U263q3wzdnelgqB6xHHMXVSAPXn0:pAJyzAJQHM
Threatray 67 similar samples on MalwareBazaar
TLSH C815C04BFBB440F5D066D139C9738A46E7B1BCAD4B71838F126857AB2F336919C29321
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3b8579aeb36281078f0a9a3834d4ac2a.exe
Verdict:
No threats detected
Analysis date:
2021-01-09 18:31:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b170b41f-1d13-436b-b05f-20ea51cc1be1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111137/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Unauthorized injection to a recently created process
Sending a custom TCP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/577352
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e3135f2b19b776522d8ea589f676d6b707eeaf112c77d88923caf15bf98eff5/
Threat name:
Win64.Infostealer.Trickster
Create hunting rule
Status:
Malicious
First seen:
2021-01-08 21:56:25 UTC
AV detection:
11 of 28 (39.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
093f2b5a9d4628d9331751d7e6d3582cf097ab3f4091463ec895052dee8d22c3
3f6e996ee4a40d2d19b648669d9146562627359626239324937a5c75f8030824
40e57eae3bb200542384e2da14a92ca88d1b806f9f9e8e577468da2594ad1c84
a3b2528b5e31ab1b82e68247a90ddce9a1237b2994ec739beb096f71d58e3d5b
ac696ef5a12039b72e408b6b14e08823c407ee652a6a36b7c33d01cd8d373497
c81fe7326d72e662a185c7bccb19bd31481ffdf53ef0fb1019027d9d16e5a9d9
cae79d8ceb527eb8367b1df9e916718e4329d2768ed0b7e61f7c406af9d21f31
d362c83e5a6701f9ae70c16063d743ea9fe6983d0c2b9aa2c2accf2d8ba5cb38
e3f87e59fd8941eb351fda58d6dc02de81968955491239b8e1ca1ad8e05db0ad
f5d920482e18df058cc0848a4e96d06af5322c05b3b61d3cf05800ab345d3edf
+ 57 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/210109-brbverj67j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Unpacked files
SH256 hash:
6e3135f2b19b776522d8ea589f676d6b707eeaf112c77d88923caf15bf98eff5
MD5 hash:
3b8579aeb36281078f0a9a3834d4ac2a
SHA1 hash:
00b540206eb84510c6f83214cc36cb4feae98350
Link:
https://www.unpac.me/results/7b09ca17-3148-41c5-90f8-7462b5c147d8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6e3135f2b19b776522d8ea589f676d6b707eeaf112c77d88923caf15bf98eff5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Cobalt_functions
Create hunting rule
Author:@j0sm1
Description:Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/111137/

Comments