MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7400fed7476a6b4b5045a9f482928e40cbbf34532f9d476507c9f49ac3023ebb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: 7400fed7476a6b4b5045a9f482928e40cbbf34532f9d476507c9f49ac3023ebb
SHA3-384 hash: c97602fdf648de069eb878cd9d862f5a0c36a86f7864d12462058f3bc49c903c465c3786e3d610677c8a53a289439405
SHA1 hash: dd9a6ae2f2dc8391be5e04cafa6d94bde001852a
MD5 hash: 467edfa2276b1d8479e905e5785c4aac
humanhash: friend-music-march-two
File name: 467edfa2276b1d8479e905e5785c4aac
File size: 1'697'264 bytes
First seen: 2022-07-22 09:50:00 UTC
Last seen: 2022-07-22 10:46:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3a2e9cb25582532149f4bf44e10977b0
ssdeep: 49152:g0JzxnWz4lhVCWa1Lrc56mjmipfj9DqsYCkcNk:z9xnrlhVCWKPI6mjrhj9DqsYCkH
Threatray: 48 similar samples on MalwareBazaar
TLSH: T14075F108BD96C831C5704174EE7CF668E738BCB0072558C361AABFDFA572AE59938385
TrID:
  48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
  7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 0359c444646c693e
Reporter: openctibr
Tags: exe OpenCTI.BR Sandboxed signed

Code Signing Certificate

Organisation: www.cuwest.org
Issuer: GeoTrust Global TLS RSA4096 SHA256 2022 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2022-06-22T00:00:00Z
Valid to: 2023-06-22T23:59:59Z
Serial number: 0b1e5da02e42ab23d617368b00a2acac
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: 0f82dbf5a015f742a5c83d416103201303445364794aaad0b814fceaf07e5ae5
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 227
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: http://193.233.193.67/ItsJustACigarette.exe
Verdict: Malicious activity
Analysis date: 2022-07-22 03:01:15 UTC
Tags: trojan stealer
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Behaviour:
  Searching for the window
  Creating a window

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  MalwareBazaar
  MeasuringTime
  SystemUptime
  CheckCmdLine
  EvasionQueryPerformanceCounter
  EvasionGetTickCount
Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: babar greyware overlay packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature:
  Antivirus detection for URL or domain
  Machine Learning detection for sample
  Multi AV Scanner detection for domain / URL
  Multi AV Scanner detection for submitted file

Threat name: Win32.Trojan.Babar
Status: Malicious
First seen: 2022-07-21 19:46:13 UTC
File type: PE (Exe)
Extracted files: 27
AV detection: 20 of 26 (76.92%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: discovery spyware stealer suricata
Behaviour:
  Runs ping.exe
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Checks installed software on the system
  Checks BIOS information in registry
  Checks computer location settings
  Deletes itself
  Loads dropped DLL
  Reads data files stored by FTP clients
  Reads user/profile data of web browsers
  suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
  suricata: ET MALWARE Generic gate .php GET with minimal headers
Unpacked files
SHA256 hash: fa47fa76cc9e811e4aac789cd612f36447e72091e3534a4faa4dc8eaa87cd9b6
MD5 hash: 0b441d1f082487e3799457401e2ecd5c
SHA1 hash: f9075cf2c53a881b24ac0ede11957fb95e0900e9

SHA256 hash: 7400fed7476a6b4b5045a9f482928e40cbbf34532f9d476507c9f49ac3023ebb
MD5 hash: 467edfa2276b1d8479e905e5785c4aac
SHA1 hash: dd9a6ae2f2dc8391be5e04cafa6d94bde001852a

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Executable exe 7400fed7476a6b4b5045a9f482928e40cbbf34532f9d476507c9f49ac3023ebb (this sample)
Delivery method: Distributed via web download

Comments