MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7aede26814390ce8fbdfecd526a98e407f473f15d918356aede0344a4cd9bf6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7aede26814390ce8fbdfecd526a98e407f473f15d918356aede0344a4cd9bf6b
SHA3-384 hash: 7229539da138b4279adffa13cae06c5d8d50c5e8a3f21bd65c916d7bd82503e853ba694d76b1e327afe93de8e2bd5c57
SHA1 hash: b0ec9747de1ebf78855d11944256a88383b6cb5c
MD5 hash: b9b5a2d198456adfa660031406bedd82
humanhash: steak-helium-mirror-delta
File name:DeadBlonde.exe
Download: download sample
File size:7'680 bytes
First seen:2022-03-07 09:13:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'743 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 96:HCyXBmyXBA0Nj98tqx9HYHIH7Q4B9R2LtF6W7ulxqPZDNzNt:iykyuqXYHIbQOGFexSZDn
Threatray 28 similar samples on MalwareBazaar
TLSH T175F1FA04E7E81233DDBF5734A877530047B5F7929E53DA6E5C89D20B1E323A246A2973
Reporter benkow_
Tags:exe Loader

Intelligence

File Origin
# of uploads :
1
# of downloads :
194
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/247811/
Detection(s):
SecuriteInfo.com.IL.Trojan.MSILZilla.15883.29981.21900.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending a custom TCP request
Creating a file in the %temp% subdirectories
Creating a file
Creating a process from a recently created file
Creating a process with a hidden window
Changing a file
Creating a window
DNS request
Unauthorized injection to a recently created process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6692b555-0811-4c15-b605-4e4ef12884c2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/951655
Signature
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7aede26814390ce8fbdfecd526a98e407f473f15d918356aede0344a4cd9bf6b/
Threat name:
ByteCode-MSIL.Trojan.Tiny
Create hunting rule
Status:
Malicious
First seen:
2022-03-05 19:07:10 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
18 of 27 (66.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
26ebf8a0830652c9ea0de64dc0dca6d62caffc0aaa34abf43e7c410095c502ce
329124b60b7448161d04534367d765f8d3385e52d2f711a52a505136f4590fbf
4f4d29507bafc223646d98f5fed78d52dd96caeee2072ff17b15718b45a1811f
51cd26db1cfc4836b7d3fe6f25332b9c9b95da07781e1ff5604bea768faca0d8
808c5a48460a554e1e548b6c3051cc6c305010abe9226b028a65d6129914e1f7
ba2bc430c4661aab84cf7e8fedf2684e5fc106f7797af4553aef7490193b00a6
c0d987ad7ee62821d36c32825eae19ab228ec74793ca0b18e8a20276dd812138
d3b27ba36d01a6ed5492d662c20b38569b0019c29fe065e8f810b369fba76531
e49a09c8b47f21970536a21d7a04e462ec244356901646381ac1e380b91a564a
e4e83da67fd3f55e11731966f74fcc95a418ae4c0e93711bacd5876d6f768eaa
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220307-k7bvgsced6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
7aede26814390ce8fbdfecd526a98e407f473f15d918356aede0344a4cd9bf6b
MD5 hash:
b9b5a2d198456adfa660031406bedd82
SHA1 hash:
b0ec9747de1ebf78855d11944256a88383b6cb5c
Link:
https://www.unpac.me/results/03771c98-5616-4346-ae62-1dd6f831b5a5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/7aede26814390ce8fbdfecd526a98e407f473f15d918356aede0344a4cd9bf6b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7aede26814390ce8fbdfecd526a98e407f473f15d918356aede0344a4cd9bf6b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2081682/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/247811/

Comments