MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87a65de8e1c60af99a6a50698e90f405601f25b678362965ce184d6f3615546a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 87a65de8e1c60af99a6a50698e90f405601f25b678362965ce184d6f3615546a
SHA3-384 hash: 54d78e954bea08ea3dbd9234a02e1facda820f0797d304f80bc968f8a350d35292e479ee0a231fb25d0ce1437004a447
SHA1 hash: 03b9d43f5edc5016372bdd6f2c55f4596edb7a2a
MD5 hash: d6a42f3b198cf6b4d64f069824757525
humanhash: equal-chicken-video-utah
File name:d6a42f3b198cf6b4d64f069824757525.exe
Download: download sample
File size:1'972'218 bytes
First seen:2023-10-22 18:06:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ba3ea0d6362a841ec66a1fc0a1b874f
ssdeep 49152:ufocj/lQRgvpu1OJN3dHTdbqlZ3Yd/IqRuOzj0z+4WK:/cjNQRgB6sN3v8ZoaqRuOkKVK
Threatray 12 similar samples on MalwareBazaar
TLSH T16B952351B9E1C8BFD68120792F6C3FF190FBD30686159BA353518A095ABC9D8C368E4E
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10523/12/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4505/5/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d6a42f3b198cf6b4d64f069824757525.exe
Verdict:
Malicious activity
Analysis date:
2023-10-22 18:40:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3ad14f4c-1e58-4f18-83a6-623630bc0ae3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Packed.Babar-10011011-0
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Running batch commands
Launching a process
Сreating synchronization primitives
Creating a process with a hidden window
Searching for the window
Sending a custom TCP request
Gathering data
Verdict:
Likely Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
installer lolbin overlay packed sfx shell32
Link:
https://www.filescan.io/uploads/653564c8e3768e7905c650cd/reports/f0511dfc-32c8-4a99-8ca6-25802faecaca/overview
Verdict:
Malicious
Labled as:
Dropper.Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/87a65de8e1c60af99a6a50698e90f405601f25b678362965ce184d6f3615546a
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c50ed093-c97c-40ca-887c-c1ee32cf4fce
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1330152
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1330152 Sample: NJnYUTntgt.exe Startdate: 22/10/2023 Architecture: WINDOWS Score: 80 29 Antivirus detection for dropped file 2->29 31 Multi AV Scanner detection for dropped file 2->31 33 Multi AV Scanner detection for submitted file 2->33 35 3 other signatures 2->35 10 NJnYUTntgt.exe 3 2->10         started        process3 file4 27 C:\Users\user\AppData\Local\Temp\...behaviorgraphj._u6, PE32 10->27 dropped 13 cmd.exe 1 10->13         started        process5 process6 15 control.exe 1 13->15         started        17 conhost.exe 13->17         started        process7 19 rundll32.exe 15->19         started        signatures8 37 Tries to detect sandboxes / dynamic malware analysis system (file name check) 19->37 22 rundll32.exe 19->22         started        process9 process10 24 rundll32.exe 22->24         started        signatures11 39 Tries to detect sandboxes / dynamic malware analysis system (file name check) 24->39
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/87a65de8e1c60af99a6a50698e90f405601f25b678362965ce184d6f3615546a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/87a65de8e1c60af99a6a50698e90f405601f25b678362965ce184d6f3615546a/
Threat name:
Win32.Trojan.Znyonm
Create hunting rule
Status:
Malicious
First seen:
2023-10-21 21:34:50 UTC
File Type:
PE (Exe)
Extracted files:
9
AV detection:
17 of 22 (77.27%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q6tf32hbyyfptgtkkbuy5ehuavqb6jnwpa3cszoodbgw6nqvkrva._file
Verdict:
malicious
Similar samples:
4651b70ccdc9d33c87bd11a4ffbdf7dd9aca8c42ce062e615ab96bcd52c195b9
523e0b67eafd7308a03240b1eba839f2f9dcc2b026fb63fed9c14b39961d0d7a
64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e
657ce9b72278bcbc3d100ea8a012381ceee3402bcb19977befb69f4d7459275b
71ba25a8276d119cdf3249f4f5427a2b2b07ba291434ede3d0d84bed4143cc63
8d0191d24b9d62100603d7640fe138d5eb005f758fa77cbcf0434e317286db6c
b653a89e2a50d9f48353c875198d7f64344d227accdc5c8bd35823502800842b
de6a7772b16055e34220437a31db20aaec1520b93a0b18608e5b1dda3db4230b
effae8d148d54fa87d203dd4a4b20245ca22b1feac685e8c38a54767d41c8474
fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231022-wqcagacb6t/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Unpacked files
SH256 hash:
87a65de8e1c60af99a6a50698e90f405601f25b678362965ce184d6f3615546a
MD5 hash:
d6a42f3b198cf6b4d64f069824757525
SHA1 hash:
03b9d43f5edc5016372bdd6f2c55f4596edb7a2a
Link:
https://www.unpac.me/results/0828a69b-5840-41ec-afbc-7928956bd8aa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/87a65de8e1c60af99a6a50698e90f405601f25b678362965ce184d6f3615546a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 87a65de8e1c60af99a6a50698e90f405601f25b678362965ce184d6f3615546a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2715154/
  
Delivery method
Distributed via web download

Comments