MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 877dce06405dd615ae9b838d206e5b549ed269ad98190721dca6731da830a9e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 877dce06405dd615ae9b838d206e5b549ed269ad98190721dca6731da830a9e9
SHA3-384 hash: 39c219fb478871d743b26ce5fa984ba1d27bc3d941f7f550ab244069dd8459a5ae3ebfc6b4f64654026ac45761025882
SHA1 hash: 9f671a055d0f8ea03bca51f957b6385b84754bc0
MD5 hash: 45a2d79b36fe8ddbf8752e261912b7d6
humanhash: vermont-lion-dakota-social
File name:45a2d79b36fe8ddbf8752e261912b7d6.exe
Download: download sample
File size:737'792 bytes
First seen:2023-06-22 18:00:08 UTC
Last seen:2023-06-22 18:00:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0330cb8599ebc8e2472474ca94c4c09a
ssdeep 12288:/BsQymkTPsu+dK8T5t1V/mojJBCVCSb1AYOwB/CXWxgZ:Emdu+4UzlmoNQJW4CGQ
Threatray 26 similar samples on MalwareBazaar
TLSH T1BCF4F11070818C32E87315324FFC9AB8672AB951176579FB23D44EBE8FD97D2E132A15
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
247
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
45a2d79b36fe8ddbf8752e261912b7d6.exe
Verdict:
No threats detected
Analysis date:
2023-06-22 18:01:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3d47cb59-b54d-41dd-8e30-d0c6132363c5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/401730/
Detection(s):
SecuriteInfo.com.Variant.Babar.215418.8945.14709.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/92151/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware lolbin packed
Link:
https://www.filescan.io/uploads/6494a7af72b30d3d8e17c7da/reports/170acf7f-4f6f-4426-8561-843f19dc545a/overview
Verdict:
Malicious
Labled as:
Babar.Generic
Link:
https://www.hybrid-analysis.com/sample/877dce06405dd615ae9b838d206e5b549ed269ad98190721dca6731da830a9e9
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Conti
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8839a97d-62c0-44d5-acb9-283acfde9647
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1259929
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 892949 Sample: PGhrKIgZu9.exe Startdate: 22/06/2023 Architecture: WINDOWS Score: 52 15 Multi AV Scanner detection for submitted file 2->15 17 Machine Learning detection for sample 2->17 6 PGhrKIgZu9.exe 1 2->6         started        process3 process4 8 WerFault.exe 24 9 6->8         started        11 conhost.exe 6->11         started        file5 13 C:\ProgramData\Microsoft\...\Report.wer, Unicode 8->13 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/877dce06405dd615ae9b838d206e5b549ed269ad98190721dca6731da830a9e9/
Threat name:
Win32.Trojan.Babar
Create hunting rule
Status:
Malicious
First seen:
2023-06-22 18:01:05 UTC
File Type:
PE (Exe)
AV detection:
13 of 37 (35.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q5644bsalxlbllu3qogsa3s3kspne2nntamqoio4uzzr3kbqvhuq._file
Verdict:
unknown
Similar samples:
121312c1dcf375ac0ba310f43084b4d185639d615b1183c900a483ad16e92094
29f8caa4248a60f8e6d058fec89fd8679c7a7b695e30c3bb2582450864fc9585
42b6e8227496414ba6c5eeeb5c77d2f281145f0c8901c948802c83f6564258da
5f4bfa1c4fc1b5d0f8dadb74ca35b3ee413ba48406704cef03276ee97a574474
70fed089cabe70e9ae9cd11f13054811e5995348a7d01292ad62cb0eb45ccd31
bfa09378fbf5c19facce069caed42b282e1a137e9c0570b10196bafebcb7bda2
d75821f15f29a2031c22880cae112457067158c40f850a9d5eb065237bf05cce
e9f3ec46387776b505948a3e6dc2f327edb466fec966a43124f950d34d572b58
f07c60c0d59d24a06570825f8de8f5f7f306fb8477119025140e52a86741217c
ffce0fb6554ed8d2bf0a8d6c5fe570370acd1137dd32c7e2d66b0a2632a01604
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230622-wlv7sahg3t/
Behaviour
Program crash
Unpacked files
SH256 hash:
877dce06405dd615ae9b838d206e5b549ed269ad98190721dca6731da830a9e9
MD5 hash:
45a2d79b36fe8ddbf8752e261912b7d6
SHA1 hash:
9f671a055d0f8ea03bca51f957b6385b84754bc0
Link:
https://www.unpac.me/results/d1dee327-af40-4c9d-9fff-6cc6886a2339/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/877dce06405dd615ae9b838d206e5b549ed269ad98190721dca6731da830a9e9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 877dce06405dd615ae9b838d206e5b549ed269ad98190721dca6731da830a9e9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2665597/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/401730/

Comments