MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8398a389a933d9c864f1e940492c354d8d04795b4153ece7a9615e8c26ac36e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 8398a389a933d9c864f1e940492c354d8d04795b4153ece7a9615e8c26ac36e7
SHA3-384 hash: 4ea847a7b16f9ba64d45de6163958070bc3193dfc5fa43640729e8f13b3eb47467e0e1fe9623f0c4d4441201d9384877
SHA1 hash: 408414858255ec6ac62aa93367291c5a25a5ce97
MD5 hash: 2768f05887206056a6e80652751971b7
humanhash: robert-carolina-potato-failed
File name: xPkif.cpl
File size: 1'743'360 bytes
First seen: 2022-09-10 11:55:29 UTC
Last seen: 2022-09-10 12:52:11 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash 89039f15347966393e1f4f32c93f27c9
ssdeep 49152:nsQYbcSnZYlnVjk21cCOqMCMYB1dq9USsw:nsQSZYk21cPxrYB1d4U3
Threatray 3 similar samples on MalwareBazaar
TLSH T1FA85F126B1A14D33C073567D8E6B6A74A82EFE013E387A4737EB1C485F792917916383
TrID 47.6% (.EXE) Win32 Executable Delphi generic (14182/79/4)
15.1% (.EXE) Win32 Executable (generic) (4505/5/1)
10.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
6.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
6.8% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter r3dbU7z
Tags:dll

Intelligence


File Origin
# of uploads :
2
# of downloads :
418
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating synchronization primitives
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
67%
Tags:
greyware keylogger packed qakbot
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Signature
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 700735. Sample: xPkif.cpl.dll. Startdate: 10/09/2022. Architecture: WINDOWS. Score: 56.
Sample signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample.
Process chain: loaddll32.exe started cmd.exe, which started rundll32.exe.
Process signatures: Contains functionality to detect sleep reduction / modifications (loaddll32.exe, rundll32.exe).
Threat name:
Win32.Trojan.PinkSbot
Status:
Malicious
First seen:
2022-09-10 11:56:11 UTC
File Type:
PE (Dll)
Extracted files:
48
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash:
e119697e2073cc0ebc12d37d727e66a4bdae8d5e5e27b3231bac76e897b64acc
MD5 hash:
215e26df1579ed32a4d4070beb89007d
SHA1 hash:
37124bda382c4d3f89bb8a8f8426fc224cedcd11
SHA256 hash:
8398a389a933d9c864f1e940492c354d8d04795b4153ece7a9615e8c26ac36e7
MD5 hash:
2768f05887206056a6e80652751971b7
SHA1 hash:
408414858255ec6ac62aa93367291c5a25a5ce97
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 8398a389a933d9c864f1e940492c354d8d04795b4153ece7a9615e8c26ac36e7 (this sample)

Delivery method: Distributed via web download

Comments