MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78a9e31fc211d1ea36393b0fbe8e8b3c18544855c374699d6bb51520766fb44e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78a9e31fc211d1ea36393b0fbe8e8b3c18544855c374699d6bb51520766fb44e
SHA3-384 hash: d5a034ff35baf948454fdbb4b70b6979966176bfd7a64907f88fe3ee8d0fc9fb42dd382f6a33d9bccc8f7a3b8d7830ec
SHA1 hash: 5683143fd0dcd763ee601c9cd4b397da8d263610
MD5 hash: 4a100dc648cbccfc1960d13541c9c395
humanhash: sierra-romeo-batman-arizona
File name:4a100dc648cbccfc1960d13541c9c395
Download: download sample
File size:12'780'544 bytes
First seen:2023-02-03 10:13:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 24bff06826129533a09ce490c5fe8ff8
ssdeep 393216:3+UkDN3oYrdvMc5K1bPSi9AMdnEFSNpoZFrT:3tO33r75K8sdnEFSXoZZ
TLSH T1DBD6339559D792F8C9C77970AA1B9ECF32FA11F65A814C30E8C54AC2B7F5EF93402182
TrID 63.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
10.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.2% (.EXE) Win32 Executable (generic) (4505/5/1)
4.2% (.ICL) Windows Icons Library (generic) (2059/9)
4.1% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4a100dc648cbccfc1960d13541c9c395
Verdict:
Malicious activity
Analysis date:
2023-02-03 10:14:36 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/70537fc6-6677-48ee-8a4a-0b0f3e80f91b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/359826/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63dcde6c696b2d9725752c29/reports/3c30161d-c206-489a-b9eb-a15686175b61/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/78a9e31fc211d1ea36393b0fbe8e8b3c18544855c374699d6bb51520766fb44e
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c132bdf9-de04-413b-9426-a6532114c04b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1164987
Signature
Antivirus detection for dropped file
Creates autostart registry keys with suspicious names
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 797758 Sample: cq2tJfCSSB.exe Startdate: 03/02/2023 Architecture: WINDOWS Score: 72 30 Multi AV Scanner detection for submitted file 2->30 32 Machine Learning detection for sample 2->32 34 PE file contains section with special chars 2->34 7 cq2tJfCSSB.exe 1 5 2->7         started        11 DocumentsMicrosoft-type4.2.8.4.exe 1 2->11         started        13 DocumentsMicrosoft-type4.2.8.4.exe 1 2->13         started        process3 file4 26 C:\...\DocumentsMicrosoft-type4.2.8.4.exe, PE32 7->26 dropped 28 DocumentsMicrosoft...exe:Zone.Identifier, ASCII 7->28 dropped 36 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 7->36 38 Creates autostart registry keys with suspicious names 7->38 15 DocumentsMicrosoft-type4.2.8.4.exe 1 7->15         started        18 conhost.exe 7->18         started        20 conhost.exe 11->20         started        22 conhost.exe 13->22         started        signatures5 process6 signatures7 40 Antivirus detection for dropped file 15->40 42 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 15->42 24 conhost.exe 15->24         started        process8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78a9e31fc211d1ea36393b0fbe8e8b3c18544855c374699d6bb51520766fb44e/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-02-03 08:58:37 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pcu6gh6cchi6unrzhmh35dulhqmfiscvyn2gthllwuksa5tpwrha._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/230203-l9m6zahf3t/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Adds Run key to start application
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
e16b58188b233c877e09af784461f6f9b18605cae2acff97d08b76fbd14bb401
MD5 hash:
0c8ce6ef8bfea87d853dfc2e24725700
SHA1 hash:
49114d5828eca0aa870cab27e4a0828060075d4d
Link:
https://www.unpac.me/results/07549d03-d948-4845-ab93-2d2367a0cf05/
SH256 hash:
78a9e31fc211d1ea36393b0fbe8e8b3c18544855c374699d6bb51520766fb44e
MD5 hash:
4a100dc648cbccfc1960d13541c9c395
SHA1 hash:
5683143fd0dcd763ee601c9cd4b397da8d263610
Link:
https://www.unpac.me/results/07549d03-d948-4845-ab93-2d2367a0cf05/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/78a9e31fc211d1ea36393b0fbe8e8b3c18544855c374699d6bb51520766fb44e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 78a9e31fc211d1ea36393b0fbe8e8b3c18544855c374699d6bb51520766fb44e

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/359826/
  
URLhaus
https://urlhaus.abuse.ch/url/2469977/

Comments


Avatar
zbet commented on 2023-02-03 10:13:31 UTC

url : hxxp://77.73.134.24/Clip1.exe