MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70c5c7eabc6132a6f083ab2f820592b985aab4b11ac5e46f944586f0e725fea0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70c5c7eabc6132a6f083ab2f820592b985aab4b11ac5e46f944586f0e725fea0
SHA3-384 hash: bd272906c4915d4b977cfd4dbc11c2d8c623d18f0c6e68eb49063ce4f1e4eb7c85d4c70197723738be7a359cbaed5f91
SHA1 hash: cd83eafff453d8ae37373ee3b26a5befd8cf37c4
MD5 hash: e425b937a52e5ba8497e0bac23b53dd0
humanhash: speaker-hawaii-low-eight
File name:file
Download: download sample
File size:133'632 bytes
First seen:2022-12-11 06:48:14 UTC
Last seen:2022-12-11 17:25:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 97881e7dbf8bbc23bc7b157b94c51b8c
ssdeep 3072:tuz7Vg09hnsEBkPhgbOfxz8wqcGSpReZC:e79tsEhqN8KGyReZC
Threatray 128 similar samples on MalwareBazaar
TLSH T1D9D36B31758BC4B1D64123B1592DEFBE426CCD382F6749D773D42E2A9D280C22E71E6A
TrID 30.2% (.EXE) Win64 Executable (generic) (10523/12/4)
18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
12.9% (.EXE) Win32 Executable (generic) (4505/5/1)
5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter andretavare5
Tags:exe


Avatar
andretavare5
Sample downloaded from https://vk.com/doc139301661_649409052?hash=PJo0RL4dXvfDwdB0lBGACyJZJa6c46fSaQPZUOGJQbX&dl=GEZTSMZQGE3DMMI:1670740857:1ZAph2BN3cCT1WPzA08wtqi2DB1bUbXbyxDMTwqUSoL&api=1&no_preview=1#stats_check

Intelligence

File Origin
# of uploads :
206
# of downloads :
182
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/345115/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
DNS request
Sending an HTTP GET request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/63957d5fa2c2485912c7f2a8/reports/a8718b63-2a0e-4037-9d13-db9d4ebfa079/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/62e403cc-574a-4866-bd27-ef3ca4a91566
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1132120
Signature
Multi AV Scanner detection for domain / URL
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/70c5c7eabc6132a6f083ab2f820592b985aab4b11ac5e46f944586f0e725fea0/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=odc4p2v4mezkn4edvmxyebmsxgc2vnfrdlc6i34uiwdpbzzf72qa._file
Verdict:
suspicious
Similar samples:
00ac3efa4faaa3927d28bf7b78793d4dac0c814cdbefb2015734d76bee8c988f
09abe799d30cdceab1600a1421583b1d7a5d3a9b14fb89e7dfa8d4ca4e5c85ac
3c167530a131f9dc899b73b9eac971b38e44d41cf291893fde8e575602c2b846
48643d9ccc694960fb84f505524d0f148a0331a7e2569171ff3999dd60bc7154
5e8bb9cf9da6b05a04a2a65749931534c55992715cab51d79ae070931078a508
6c8131fc986f9477582f43530e0bdc660887285c83360c52e6b68876a57dc9b0
e2663d1ce192e322ff34230d8e81665c7763b2c6790e354f72b7de36dfde23c8
eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6
efb0f928648e6988c29bb03bb6b14f2760870f3040f0195ca1c6ad8ac5fa2dee
+ 118 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221211-hlb71sbc7y/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/19ebbf50-3487-4d5b-a966-46d7ca5e29d1
Unpacked files
SH256 hash:
70c5c7eabc6132a6f083ab2f820592b985aab4b11ac5e46f944586f0e725fea0
MD5 hash:
e425b937a52e5ba8497e0bac23b53dd0
SHA1 hash:
cd83eafff453d8ae37373ee3b26a5befd8cf37c4
Link:
https://www.unpac.me/results/99b0129a-8d0b-4f07-b3e3-098e80320c52/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/70c5c7eabc6132a6f083ab2f820592b985aab4b11ac5e46f944586f0e725fea0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/345115/

Comments