MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6
SHA3-384 hash: 725dcc5f7b94fb73b285f494f1fd33fec106011a451dd907269cbb592126375846615a926321fc95841635bbce8f2c50
SHA1 hash: ae5a1b7a21fecf571d037baf85069d5b58b107ba
MD5 hash: f477f5fbc95bbde03a24cf42f6751afa
humanhash: solar-charlie-glucose-hamper
File name:85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6
Download: download sample
File size:171'008 bytes
First seen:2024-03-28 15:17:15 UTC
Last seen:2024-03-28 17:19:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 18ecba85a4db5cb9282cb4f36e09b31d
ssdeep 3072:M3sTSNgdIE4jneWJjxzRTLwlCTYhoDWmdUD2LH0kQhHMzJ+2ZedIcgQ7exgwt:M/e46AvTkmioH0kSwOb2
TLSH T12AF3B547A16760F9D6BFD07996933626F9A134504334AF6B86408E231A33F70F63E729
TrID 50.0% (.EXE) Generic Win/DOS Executable (2002/3)
49.9% (.EXE) DOS Executable Generic (2000/1)
Reporter tildedennis
Tags:exe SILENTNIGHT


Avatar
tildedennis
silentnight version 2.5.1.0

Intelligence

File Origin
# of uploads :
2
# of downloads :
338
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6.exe
Verdict:
No threats detected
Analysis date:
2024-03-28 15:22:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2e0f1f11-f15c-4822-838e-917e6eb5f442

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed zbot
Link:
https://www.filescan.io/uploads/66058a2ef1c80c2d4d5b7937/reports/9afbbc0d-d629-4f91-b54b-1bbce691a48e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Zloader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/958474d3-1e13-4f2d-8b4b-794b4e0ccc79
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1417122
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1417122 Sample: 6sg60cSBIQ.exe Startdate: 28/03/2024 Architecture: WINDOWS Score: 48 27 Multi AV Scanner detection for submitted file 2->27 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 5 other processes 7->15 process5 17 rundll32.exe 9->17         started        19 WerFault.exe 20 16 11->19         started        21 WerFault.exe 3 16 13->21         started        23 WerFault.exe 16 15->23         started        25 WerFault.exe 16 15->25         started       
Score:
11%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6/
Threat name:
Win64.Trojan.SpywareX
Create hunting rule
Status:
Malicious
First seen:
2024-03-19 14:42:49 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
15 of 38 (39.47%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qwy2tahlrtwvt6d4wxoxoaxblvwkhbcbyscinggrid75g7jlkxta._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240328-splkzaad34/
Unpacked files
SH256 hash:
85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6
MD5 hash:
f477f5fbc95bbde03a24cf42f6751afa
SHA1 hash:
ae5a1b7a21fecf571d037baf85069d5b58b107ba
Link:
https://www.unpac.me/results/e3f12346-d91e-4753-9f1e-64da4d5ca1d6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/silentnight/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle

Comments