MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a869d59f51793b80afb85008f4f3e4aafca4cdeb765d36afa4a3aa484b9fe53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a869d59f51793b80afb85008f4f3e4aafca4cdeb765d36afa4a3aa484b9fe53
SHA3-384 hash: 4120e80eb338110b473906b2b49857db0a9e873bf297267d8583e6355fe52dc2b8b474725fd807e4fa965acac4bb7b4f
SHA1 hash: d1f53a3c00264be804ac549eea27e8c77b45e331
MD5 hash: 50578968cd7f73da1b5e5483e4850fe2
humanhash: washington-saturn-nineteen-sad
File name:payload_enc.exe
Download: download sample
File size:1'588'594 bytes
First seen:2022-10-23 19:16:55 UTC
Last seen:2022-12-29 22:13:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a1d237bb932cee4de0462889af8a4f06
ssdeep 24576:cxSyg9eQnj3zDw11AdX92GVJG6wJ6clMN81s3Acwhk15:cx1Sx1kGPzwhk15
Threatray 2'888 similar samples on MalwareBazaar
TLSH T1BA75C7831DCB0EA6DDD23BB8B1D31329A778FD70CF6E4E2AA608413558532C5AD5AF41
TrID 51.8% (.EXE) UPX compressed Win64 Executable (70117/5/12)
19.9% (.EXE) UPX compressed Win32 Executable (27066/9/6)
12.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
7.7% (.EXE) Win64 Executable (generic) (10523/12/4)
3.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter r3dbU7z
Tags:backdoor exe ShikataGaNai

Intelligence

File Origin
# of uploads :
3
# of downloads :
413
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
payload_enc.exe
Verdict:
No threats detected
Analysis date:
2022-10-23 19:19:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/69897302-79ad-441b-9ad1-dea43696c06d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/323061/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.62949201.24946.4731.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Launching cmd.exe command interpreter
Creating a process with a hidden window
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug overlay packed spyeye
Link:
https://www.filescan.io/uploads/635593314fc319a52d564b6f/reports/f61b5a17-5fc6-4a95-bbf2-e0df3487a15b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a8888ce0-4fae-4e4a-acd4-96ff4361d5a0
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1096021
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7a869d59f51793b80afb85008f4f3e4aafca4cdeb765d36afa4a3aa484b9fe53/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-10-19 14:11:41 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
19 of 41 (46.34%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pkdj2wpvc6j3qcx3quai6tz6jkx4utg6w5s5g2x2ji5kjbfz7zjq._file
Verdict:
malicious
Similar samples:
19c3221cbbdc45fff5b609709f86169e2bfd86b1273d722dc8f0bc59d5a65704
6c02cd3294f998736222c255ddd163b9d5e72dfbf3492bfdd43519a46ed609de
6f64d864d4cdeaa6062e44e34c0969ebdead56edb22e5a2b61c987ca3400fad4
74fe611961187aa647024e551274a7bebbd451d55e34f52ae23ac091374ff730
92c65e95b508ffacd2d7a36957599eb2d930a0d1a8b76a5c4551ee6e9d4da67e
e1dcadc94c7659b12eca375e35858bf68ea02a626078dd5e41eb9bede572417c
f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc
f926a1a530de30ce239568935fa6c2f04d18a29883ad34f8256efdd883d036bb
+ 2'878 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/221023-xzcs2acbal/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
UPX packed file
Unpacked files
SH256 hash:
7dbad8494c7f3a910a84b767883ecd828e4a77b5a939f120eeb1b55ce7f50426
MD5 hash:
5d78257f678d36a0af55d495d26375d2
SHA1 hash:
b815e2f84b9313ca3a1ca8d1a171f0854f19539b
Link:
https://www.unpac.me/results/a0c3ede0-9f59-45e1-be93-5ba4e136e688/
SH256 hash:
7a869d59f51793b80afb85008f4f3e4aafca4cdeb765d36afa4a3aa484b9fe53
MD5 hash:
50578968cd7f73da1b5e5483e4850fe2
SHA1 hash:
d1f53a3c00264be804ac549eea27e8c77b45e331
Link:
https://www.unpac.me/results/a0c3ede0-9f59-45e1-be93-5ba4e136e688/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7a869d59f51793b80afb85008f4f3e4aafca4cdeb765d36afa4a3aa484b9fe53

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7a869d59f51793b80afb85008f4f3e4aafca4cdeb765d36afa4a3aa484b9fe53

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/323061/

Comments