MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73f0b1dbcd3b73bcc2740cd4f7eb7ee80a4bcc641b497569b952d007b5b2cd32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	73f0b1dbcd3b73bcc2740cd4f7eb7ee80a4bcc641b497569b952d007b5b2cd32
SHA3-384 hash:	531d04e9b8805a9438dfc0d7c18bae164f20db6d8543a46bd18d8175b69e9b1ab83a2b9d566814278afca1b2064a0a96
SHA1 hash:	901e6a2e12bdc3789515276d16ccdc7600c5874d
MD5 hash:	da00f33bf6e455214382edb1556ce5ae
humanhash:	spaghetti-two-oregon-shade
File name:	backdoor.exe
Download:	download sample
File size:	81'614 bytes
First seen:	2022-04-15 05:33:22 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5662cfcdfd9da29cb429e7528d5af81e (1 x Twabot)
ssdeep	1536:qgbqRUz6P21x61jMT0mTFibDKa1FohJYqP2toCuhgUQ:qpA6e1x61iBob2QFoUq+toFh/Q
TLSH	T1B4836B5FA981BFB3CF2589B84D4650BD2DAA3F31EC2DD49EBE9C1F0E07E42911528056
TrID	29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 20.3% (.EXE) Win32 Executable (generic) (4505/5/1) 13.5% (.MZP) WinArchiver Mountable compressed Archive (3000/1) 9.3% (.EXE) Win16/32 Executable Delphi generic (2072/23) 9.1% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	499676ce96cc718e (1 x RedLineStealer, 1 x Anubis, 1 x Wabot)
Reporter	adm1n_usa32
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

281

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

backdoor.exe

Verdict:

Suspicious activity

Analysis date:

2022-04-15 05:32:30 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3bfbbc4a-60bd-421a-8f62-4562b4709f7a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/263900/

Detection(s):

Win.Trojan.Wabot-7053120-0

Win.Trojan.Delf-9872052-0

Win.Trojan.Delf-9872053-0

Win.Malware.Dqqd-9873189-0

Win.Malware.Dqqd-9873193-0

Win.Malware.Dqqd-9873352-0

Win.Trojan.Wabot-6113548-0

Win.Trojan.Wabot-6874758-0

Win.Trojan.Wabot-8

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Сreating synchronization primitives

Creating a file

Running batch commands

Creating a process with a hidden window

Launching a process

Searching for the window

Creating a window

Searching for synchronization primitives

Enabling autorun

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/13933/overview

Behaviour

MalwareBazaar

CheckCmdLine

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

explorer.exe fingerprint greyware overlay packed poison scar worm

Link:

https://www.filescan.io/uploads/625903cbffe27d5119d6acd4/reports/146fd941-7a39-4268-b91d-9058fde1ba17/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ee68e45d-6d82-4cde-b8a8-0eff14120939

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/977265

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/73f0b1dbcd3b73bcc2740cd4f7eb7ee80a4bcc641b497569b952d007b5b2cd32/

Threat name:

Win32.Trojan.ShellIni

Status:

Malicious

First seen:

2022-04-13 11:58:08 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

37 of 42 (88.10%)

Threat level:

5/5

Verdict:

malicious

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/220415-f9expsahc2/

Behaviour

Drops file in System32 directory

Modifies WinLogon for persistence

Unpacked files

SH256 hash:

73f0b1dbcd3b73bcc2740cd4f7eb7ee80a4bcc641b497569b952d007b5b2cd32

MD5 hash:

da00f33bf6e455214382edb1556ce5ae

SHA1 hash:

901e6a2e12bdc3789515276d16ccdc7600c5874d

Link:

https://www.unpac.me/results/22f0c009-ae6b-403e-ba2c-6a47225b781c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/73f0b1dbcd3b73bcc2740cd4f7eb7ee80a4bcc641b497569b952d007b5b2cd32

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/263900/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample