MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f486eaa6498e2e09c5371a0e8b943d19f155778cb44552d1e7ece2a43632774. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 14 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f486eaa6498e2e09c5371a0e8b943d19f155778cb44552d1e7ece2a43632774
SHA3-384 hash: 66b77c33ab34e8fdd9edbcd8f303739724bda16d9dbf5e2da1a73a3f66e62bb214ca88a31cc68fd496f4be6af7d95c0d
SHA1 hash: 3c30ff62c5f40c4c60b9e784c5b2cbc7522b7983
MD5 hash: 05d873bc209db12d0d6726ac1cea1df6
humanhash: august-texas-gee-winter
File name:wordwind.bin
Download: download sample
File size:210'389 bytes
First seen:2024-01-06 18:29:48 UTC
Last seen:Never
File type:unknown
MIME type:application/octet-stream
ssdeep 6144:X6ewwIwQJ6vKX0c5MlYZ0b2oiX7I6ysB:7iwQiKDKqogI6JB
TLSH T14C248D5437E40A54F3FE9B78F4B02212CB71B07BA51AE75F19E924E90D62350EA01FA7
Reporter adm1n_usa32
Tags:bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
RO RO
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm asyncrat cmd donut evasive findstr hacktool hook lolbin masquerade netsh njrat packed reg schtasks stealer
Link:
https://www.filescan.io/uploads/65999c2d59502c0e7b2d4859/reports/c6c882bd-6fbe-47d5-86ef-932ef95b1033/overview
Verdict:
Malicious
Labled as:
ShellCode.Donut.Marte.4.Generic
Link:
https://www.hybrid-analysis.com/sample/7f486eaa6498e2e09c5371a0e8b943d19f155778cb44552d1e7ece2a43632774
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f486eaa6498e2e09c5371a0e8b943d19f155778cb44552d1e7ece2a43632774/
Threat name:
Win32.Exploit.DonutMarte
Create hunting rule
Status:
Malicious
First seen:
2023-12-20 15:39:35 UTC
File Type:
Binary
Extracted files:
2
AV detection:
8 of 37 (21.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p5eg5ktetdrobhctogqorokd2gprkv3yzncfkli6p3hcuq3de52a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/7f486eaa6498e2e09c5371a0e8b943d19f155778cb44552d1e7ece2a43632774

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__RemoteAPI
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse
Create hunting rule
Author:ditekSHen
Description:Detects file containing reversed ASEP Autorun registry keys
Rule name:INDICATOR_SUSPICIOUS_EXE_CC_Regex
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing credit card regular expressions
Rule name:INDICATOR_SUSPICIOUS_EXE_Discord_Regex
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing Discord tokens regular expressions
Rule name:maldoc_getEIP_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:malware_asyncrat
Create hunting rule
Description:detect AsyncRat in memory
Reference:https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp
Rule name:malware_asyncrat
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:Njrat
Create hunting rule
Author:botherder https://github.com/botherder
Description:Njrat
Rule name:Windows_Trojan_Donutloader_f40e3759
Create hunting rule
Author:Elastic Security
Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT
Rule name:win_asyncrat_w0
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown 7f486eaa6498e2e09c5371a0e8b943d19f155778cb44552d1e7ece2a43632774

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2747084/
  
Delivery method
Distributed via web download

Comments