MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75baa1b9e7f28dea46a16e7b2ecfb574e57fb351fb53ce61091401df05bcdb9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mansabo

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	75baa1b9e7f28dea46a16e7b2ecfb574e57fb351fb53ce61091401df05bcdb9d
SHA3-384 hash:	dbc56f882ccd1adc75eae902fbc081f311e6ee783849a500e771762cc7233cb771329cca8fed5eeff22b206880fd159d
SHA1 hash:	31c871d408b05739a8f546202a38ceae09728f26
MD5 hash:	217c83e15318d6f4fa36f72705eabd50
humanhash:	orange-spring-magazine-eighteen
File name:	virussign.com_217c83e15318d6f4fa36f72705eabd50
Download:	download sample
Signature	Mansabo Create hunting rule
File size:	1'497'244 bytes
First seen:	2022-07-15 16:17:21 UTC
Last seen:	2024-07-24 16:14:24 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	58471b8a9f8702d1a9e4838d7b7d501a (9 x TrickBot, 5 x Mansabo)
ssdeep	24576:zQ5aILMCfmARwja2LOeQbHpmgPLWykLsT3+XeuEM8+nD1:E5aIwC+AaWnTH3svD1
TLSH	T1C165E129EB247976F257097576102A9F3C818D780253DF86EB8685CDB402EA3F2F5327
TrID	54.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 18.3% (.EXE) Win64 Executable (generic) (10523/12/4) 8.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.8% (.EXE) Win32 Executable (generic) (4505/5/1) 3.5% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	KdssSupport
Tags:	exe

KdssSupport

Uploaded with API

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

virussign.com_217c83e15318d6f4fa36f72705eabd50

Verdict:

No threats detected

Analysis date:

2022-07-16 08:10:52 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3c963fb7-a8b6-4bfd-b0e7-78004c59ac93

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/289868/

Detection(s):

Win.Malware.Mansabo-7102049-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay

Link:

https://www.filescan.io/uploads/62d1939e0b00dfa734f2a154/reports/906c56f8-430e-473c-b520-6faca10f20e4/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1034531

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/75baa1b9e7f28dea46a16e7b2ecfb574e57fb351fb53ce61091401df05bcdb9d/

Threat name:

Win32.Trojan.Mansabo

Status:

Malicious

First seen:

2022-07-11 02:30:44 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 26 (92.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ow5kdoph6kg6urvbnz5s5t5votsx7m2r7nj44yijcqa56bn43ooq._file

Verdict:

malicious

Label(s):

trickbot

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220715-trx78acbc2/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

75baa1b9e7f28dea46a16e7b2ecfb574e57fb351fb53ce61091401df05bcdb9d

MD5 hash:

217c83e15318d6f4fa36f72705eabd50

SHA1 hash:

31c871d408b05739a8f546202a38ceae09728f26

Link:

https://www.unpac.me/results/0ceea87e-b764-40f9-b134-10d98fe070fc/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/75baa1b9e7f28dea46a16e7b2ecfb574e57fb351fb53ce61091401df05bcdb9d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mansabo

exe 75baa1b9e7f28dea46a16e7b2ecfb574e57fb351fb53ce61091401df05bcdb9d

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/289868/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample