MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a3025be41b188ca3b4b5390f218074c6d639392b59efc9aae370e7b083b3798. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 7a3025be41b188ca3b4b5390f218074c6d639392b59efc9aae370e7b083b3798
SHA3-384 hash: 6e8caaa298b6fc5c1493fc5332bcc518df14974d50ce772701dc97957be1e99406a4e171e737964b3e8d1becc9f503fc
SHA1 hash: 2dcf5153305aa883cc1c2e5b87d2038cfcebb122
MD5 hash: 655064d642e92a4080fb1932692064c0
humanhash: india-batman-fanta-kentucky
File name: Nuclear_installations_in_Ukraine(v3).exe
File size: 10'387'799 bytes
First seen: 2023-12-29 20:47:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75e9596d74d063246ba6f3ac7c5369a0 (8 x DCRat, 5 x PythonStealer, 4 x CoinMiner)
ssdeep: 196608:VOAEBtDJDMHi9PO0W30Bs5psTKf7D4wWRLLejIhNvCj8vH4yBYpR:MtG3LIsITw/lWRLyj4HbBYR
TLSH: T1ADA63352FA6B8476DC312DF20973531F8F7C90100E6147EB43ED3B69AA3468A1A3AD17
TrID: 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
      19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
      17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
      7.7% (.EXE) OS/2 Executable (generic) (2029/13)
      7.6% (.EXE) Generic Win/DOS Executable (2002/3)
dhash icon: 68cc4ce8e8f069cc
Reporter: smica83
Tags: exe UKR

Intelligence


File Origin
# of uploads: 1
# of downloads: 329
Origin country: HU
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for the window
Creating a window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Sending a custom TCP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-vm control expand fingerprint installer lolbin overlay packed setupapi sfx shdocvw shell32
Result
Verdict: MALICIOUS
Result
Threat name: n/a
Detection: malicious
Classification: spyw.evad
Score: 60 / 100
Signature
Contains functionality to modify clipboard data
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2023-12-29 20:48:10 UTC
File Type: PE (Exe)
Extracted files: 1414
AV detection: 12 of 23 (52.17%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 7/10
Tags: pyinstaller
Behaviour
Suspicious use of WriteProcessMemory
Detects Pyinstaller
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Unpacked files
SHA256 hash: 7a3025be41b188ca3b4b5390f218074c6d639392b59efc9aae370e7b083b3798
MD5 hash: 655064d642e92a4080fb1932692064c0
SHA1 hash: 2dcf5153305aa883cc1c2e5b87d2038cfcebb122
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments