MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f96d59cb02229529b14761f979f710bca500c68cc2b37d80e60e751f809475e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f96d59cb02229529b14761f979f710bca500c68cc2b37d80e60e751f809475e
SHA3-384 hash: e3361e978fd257a3ab30aa7203020d63490f8648ef46b16c6dd874d7e619719e38636b99c929ad0b8c7f1ee7b9fce4d1
SHA1 hash: 489c36c9ea3fb90f61209d43efffd8d997a362c6
MD5 hash: 9ec1fcb11b597941bec03078cccab724
humanhash: floor-mountain-winner-december
File name:INFORMAT.bin
Download: download sample
File size:1'542 bytes
First seen:2022-05-05 14:11:07 UTC
Last seen:Never
File type:Shortcut (lnk) lnk
MIME type:application/octet-stream
ssdeep 12:8sY0m/3BVSXzZUBW+fcwiFvPywMY+L1vP3iN37+lbYM36:81J/ByUA+fYFv6wkL1vurabb36
TLSH T1E331FF080BDA0715C2B2CA36A8AEA312A9A57846E9934F5A02D056C4282A211F871E2A
Reporter Arkbird_SOLG
Tags:APT29 lnk

Intelligence

File Origin
# of uploads :
1
# of downloads :
383
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27118.LnkHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
File Type:
LNK File
Link:
https://app.docguard.net/7f96d59cb02229529b14761f979f710bca500c68cc2b37d80e60e751f809475e/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
cmd cmd.exe evasive masquerade
Link:
https://www.filescan.io/uploads/6273db17a796b193480a4106/reports/1bd3aed5-2157-41d7-9da2-25adc3e92e9c/overview
Result
Verdict:
UNKNOWN
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/988565
Signature
Windows shortcut file (LNK) starts blacklisted processes
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 621065 Sample: INFORMAT.bin Startdate: 05/05/2022 Architecture: WINDOWS Score: 48 10 Windows shortcut file (LNK) starts blacklisted processes 2->10 6 cmd.exe 1 1 2->6         started        process3 process4 8 conhost.exe 1 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f96d59cb02229529b14761f979f710bca500c68cc2b37d80e60e751f809475e/
Threat name:
Shortcut.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-05-05 12:29:50 UTC
File Type:
Binary
AV detection:
6 of 25 (24.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220505-rhtsbsgca9/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7f96d59cb02229529b14761f979f710bca500c68cc2b37d80e60e751f809475e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Execution_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies execution artefacts in shortcut (LNK) files.
Rule name:EXE_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies executable artefacts in shortcut (LNK) files.
Rule name:Long_RelativePath_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
Rule name:SUSP_LNK_CMD
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects the reference to cmd.exe inside an lnk file, which is suspicious

File information

The table below shows additional information about this malware sample such as delivery method and external references.

iso 4c68c840ae1a034d47900ebdc291116726fd37b3ab0b7e026fad90eaab84d820

Shortcut (lnk) lnk 7f96d59cb02229529b14761f979f710bca500c68cc2b37d80e60e751f809475e

(this sample)

  
X
https://twitter.com/ShadowChasing1/status/1522180445789573124
  
Dropped by
SHA256 4c68c840ae1a034d47900ebdc291116726fd37b3ab0b7e026fad90eaab84d820
  
Dropped by
MD5 110c4ae194e7b49ed3e3b254d599f7f4

Comments