MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7
SHA3-384 hash:	0f257e55a8d0d858c6b73ca98233051ebb0b9e677d0d4d22533aa231bd7045a1c246ac2f55e6ecadc84ab5aa214986bf
SHA1 hash:	2ac557941a96b127315f862b8f66187d7101b95b
MD5 hash:	10c118856dd7ca8b8bf9cfbeafaa52e2
humanhash:	tennis-idaho-purple-november
File name:	10c118856dd7ca8b8bf9cfbeafaa52e2
Download:	download sample
Signature	Havoc Alert Create hunting rule
File size:	425'586 bytes
First seen:	2023-12-14 08:14:35 UTC
Last seen:	2023-12-14 10:23:55 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	8260621b0344d2e2099645fa3d150511 (4 x Havoc)
ssdeep	6144:HSR19yqCA8AA0oU28N4UbmAvS+BKnkc2Rud2+KVuGiEdHyUivYmogOKl+J5Z:y8qCD0oU28NC9bk/IY5KzLnBsZ
Threatray	45 similar samples on MalwareBazaar
TLSH	T1A2945C90B644FDF5ECCA8BB410D1630993BAF0819B19EF2F6520FE3C055EB98997354A
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	zbetcheckin
Tags:	64 exe Havoc

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

356

Origin country :

FR

Vendor Threat Intelligence

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/467435/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.20330.31951.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Dragonfly

Gathering data

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

anti-debug crypto greyware overlay packed rozena

Link:

https://www.filescan.io/uploads/657ab9953f60a810349130a7/reports/f834401c-9841-4eca-be2b-209f3467526e/overview

Hybrid Analysis Trojan.Generic

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Havoc

Malware family:

Havoc

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b40ab5cd-2863-450e-9afe-edd0f2f3cb10

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1362023

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7/

ReversingLabs TitaniumCloud Win64.Trojan.ScarletFlash

Threat name:

Win64.Trojan.ScarletFlash

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-11 19:45:23 UTC

File Type:

PE+ (Exe)

AV detection:

21 of 37 (56.76%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rbi2h6vlsss4naqx7jg6s2gmb2bfa3f2npix2543yxdpgiguu6tq._file

Threatray malicious

Verdict:

malicious

Similar samples:

15bffc5a28e2a4b1720d3da53d64576223e50bd587066c64b53f4931cfa3fd3e

Havoc

575343d1c8d28e40312688587eaa87035821c94d854b80fce362bd462b1cf874

Havoc

5da64b62dff944e2b9bb3ca115832f88caedf52afa3f045ba1199d3da29212ac

Havoc

8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7

Havoc

8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7

Havoc

98d192e5117e1956c22bdbd64397f7702415e2a2a90a077d4c9fde60a13caf26

Havoc

+ 35 additional samples on MalwareBazaar

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/231214-j5kh6scdfj/

Behaviour

Suspicious use of AdjustPrivilegeToken

UnpacMe

Unpacked files

SH256 hash:

8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7

MD5 hash:

10c118856dd7ca8b8bf9cfbeafaa52e2

SHA1 hash:

2ac557941a96b127315f862b8f66187d7101b95b

Link:

https://www.unpac.me/results/b6be2ad1-ef4c-4828-aef2-12471b094ccf/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Havoc

exe 8851a3faab94a5c68217fa4de968cc0e82506cba6bd17d779bc5c6f320d4a7a7

(this sample)

  

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/467435/

  

URLhaus

https://urlhaus.abuse.ch/url/2740474/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-14 08:14:36 UTC

url : hxxp://113.52.134.114/ekk1.exe