MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88522397129ffb1ec2536f0bbc03d50d2d0f2a6447fa345153e088b6f99ba676. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88522397129ffb1ec2536f0bbc03d50d2d0f2a6447fa345153e088b6f99ba676
SHA3-384 hash: 905a4cdebd180612d7a1200d3a04ad2a02f1f8a2e01d86d087954496e29bf522e1a6f3e6f00e6b9da451f04b1d6506fb
SHA1 hash: 2256383c24a9e5c74e6dece140f2f567d51e5668
MD5 hash: 2d2955e9eec8a5c1c233f9b3c3892fc9
humanhash: apart-montana-purple-enemy
File name:88522397129ffb1ec2536f0bbc03d50d2d0f2a6447fa345153e088b6f99ba676
Download: download sample
File size:283'136 bytes
First seen:2021-08-16 09:07:20 UTC
Last seen:2021-08-16 09:51:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a9d801fe65ff443cc82a212a38e66d33
ssdeep 3072:pjQQBNZ2KhcHKA7TJ8iR5pCFfT+LGv5isJqpDq6Y0G5oY46AoSN/KLbDkmyU5X:9nb1hHABn5pCdT+iypeZohrxSb8cX
Threatray 21 similar samples on MalwareBazaar
TLSH T1B7547C59B3A408F9E973823DCC525906E672BC165371C7AF07A0466B2F276E09E3F721
Reporter JAMESWT_WT
Tags:exe Exploit CVE-2021-31956

Intelligence

File Origin
# of uploads :
2
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
88522397129ffb1ec2536f0bbc03d50d2d0f2a6447fa345153e088b6f99ba676
Verdict:
No threats detected
Analysis date:
2021-08-16 09:09:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2c3854b5-352f-4bc2-ade9-63fb8fb39f0d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/179463/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46786651.29279.17383.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Running batch commands
Creating a file
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1a685cb5-a42f-4bbb-8b33-d4e34d4b1fed
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/833414
Signature
Multi AV Scanner detection for submitted file
Sigma detected: SAM Dump to AppData
Sigma detected: Suspicious PowerShell Invocations - Specific
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 465857 Sample: 4BNkJwcoRk Startdate: 16/08/2021 Architecture: WINDOWS Score: 52 12 Multi AV Scanner detection for submitted file 2->12 14 Sigma detected: SAM Dump to AppData 2->14 16 Sigma detected: Suspicious PowerShell Invocations - Specific 2->16 6 4BNkJwcoRk.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started        10 cmd.exe 2 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/88522397129ffb1ec2536f0bbc03d50d2d0f2a6447fa345153e088b6f99ba676/
Threat name:
Win64.Exploit.CVE-2021-31956
Create hunting rule
Status:
Malicious
First seen:
2021-08-14 01:49:00 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
3 of 28 (10.71%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
02efd5f4d8dedabeab8e75f3e49a8fdb05c28dfd39bc1e5c96e8213fe3212e9f
14bdf9b3bcb10c51b8dc10275ced93259dbf62ce31331ab3ccf6e5317d7a3cf5
21391fc51c85957fb1bf530fbdd01b9cc6b855445c5ae6e46d9be51441ee62f5
60755909e216dc65f11b7b49ae73ad3e08cb1c5e4255916ea195dbd896f3ae73
79c334850dedad7a1eacb71789b4f025a307bb093f916b51939384a6593315d3
7cf7024eb95b7063c95546364329c3568e42b44c70425107a59b3de6e8025c67
7e9c5763bf74c892d2d38458972eaf91efce287b15719501c8d249c3e3634b24
9d0cc73772d79a0561d03db4e6aca9fad9b125afbbc7f2b4f7f3df25eeed56a0
d57957436111516ca7a7e9af7cb143353cf41a22d556aa19ba6e710a37c6f0ae
f454ea9fa15b20582eb0311beea5cc20e03e643a0a87b7c4e3fb848148873acf
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210816-vawp3ha7b2/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
88522397129ffb1ec2536f0bbc03d50d2d0f2a6447fa345153e088b6f99ba676
MD5 hash:
2d2955e9eec8a5c1c233f9b3c3892fc9
SHA1 hash:
2256383c24a9e5c74e6dece140f2f567d51e5668
Link:
https://www.unpac.me/results/f35fea5e-5318-44b0-ab23-a413ccac23f8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/88522397129ffb1ec2536f0bbc03d50d2d0f2a6447fa345153e088b6f99ba676

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1427165562791137283?s=20
Cape
Cape
https://www.capesandbox.com/analysis/179463/

Comments