MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88e1fbd4e5494e3c2766300e8bab97edb08f3c7315c3d914b7d8b2dac25f8986. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 4 File information Comments

SHA256 hash:	88e1fbd4e5494e3c2766300e8bab97edb08f3c7315c3d914b7d8b2dac25f8986
SHA3-384 hash:	5d383a7264658b8ec75d3a4017981625dcb86ae9d2cc2f9ac921cf1d6bc84ab44894aa3cc75c7833631d1a0362d7b32f
SHA1 hash:	34fdd0d94ecfe8c887ebb164068579013d2c611b
MD5 hash:	43a0526a928f9daca9c953221406af8e
humanhash:	neptune-charlie-johnny-muppet
File name:	file
Download:	download sample
File size:	2'812'416 bytes
First seen:	2022-11-07 18:52:09 UTC
Last seen:	2023-08-26 21:41:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	49152:Aujo4zjmiVP/bjTRdYey8Pg8clh2bsam8LFl6yJ3O21oV9aZYq:Auc2milfTTYZ8PM756l6y5Bo6qq
Threatray	12 similar samples on MalwareBazaar
TLSH	T124D533653158DE1EC46D0237DE6A07024E758FB748E4DB79B61733B8187B60E38782AB
TrID	69.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 9.9% (.EXE) Win64 Executable (generic) (10523/12/4) 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 4.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	01986868676bb840
Reporter	jstrosch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

137

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

http://cheats4.pro/download

Verdict:

Malicious activity

Analysis date:

2022-10-03 22:14:10 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/91465cf6-f6d3-4004-9541-f25bf04e2e28

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/330168/

Detection(s):

SecuriteInfo.com.Variant.Lazy.166113.19168.14586.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/63695411c0dbe6b5f9a4a485/reports/f6184d7b-aa95-4a9f-a545-9e557383c3e1/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Janeleiro

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0c73f790-c76e-4f24-9fde-1b44b3a83bca

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1107582

Signature

Antivirus detection for URL or domain

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Uses Windows timers to delay execution

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/88e1fbd4e5494e3c2766300e8bab97edb08f3c7315c3d914b7d8b2dac25f8986/

Threat name:

Win32.Trojan.Lazy

Status:

Malicious

First seen:

2022-06-16 02:43:28 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

13 of 26 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rdq7xvhfjfhdyj3ggahixk4x5wyi6pdtcxb5sffx3cznvqs7rgda._file

Verdict:

malicious

2bcc54ed052152ac1fb77d9c8740f4ab87e3e59f3cd82e232df64c38b369f057

34780db137a84afc3d8957def954127c724fba4187055e49b875481203b68163

523c73801cb0175c81f507010d68ba97fc644a6ff84e5e6c0a79d5ec0b012b10

64e5b32569d9f0f8494b23e6ed44b0f5ab5fe96308751cf3c0b0bdbe82d88605

8cc4490da47561e18ea0202b96aa8c8cc3d62173e71ff3c025b502bbd745a542

99130eed4455022e46708007973bec154f132b885018754de5302d1ae65c6ffe

cc8238f4425e62f6c878a84ac794db812c619508dc916e2bde50f7a5f6152ba5

+ 2 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/221107-xjmy3acgf2/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/93802266-3757-4f27-9533-2c7937cdda6a

Unpacked files

SH256 hash:

0c2f8640409ceea63ecc9d5c01242c3d0c4711425368e2545daff55dbc8a8cd3

MD5 hash:

280e6c9ba2f49df02d4fc64cb33ade83

SHA1 hash:

d50556f7ac9ff9a44deb238146cf782748e7a542

Link:

https://www.unpac.me/results/cacbe89d-f2a1-4abf-85b2-70845a52f125/

SH256 hash:

48094ae0b13e1460ba245fca1197bd9a9d12c859b31f2eb5601b65f9815a6557

MD5 hash:

2400ba9c4ebaa8fd8009ecd09f3402d6

SHA1 hash:

c256628def2f9dcb576d6715be8dbf3a10989221

Link:

https://www.unpac.me/results/cacbe89d-f2a1-4abf-85b2-70845a52f125/

SH256 hash:

836a90c13d5b16b2499de3e288964a569c3465a330a58f7a5e429ca8ac79df2a

MD5 hash:

3593ae5148a736ea03aa903ce42a24c6

SHA1 hash:

7eacd68bd7969d61701fac2599a561746dff438c

Link:

https://www.unpac.me/results/cacbe89d-f2a1-4abf-85b2-70845a52f125/

SH256 hash:

b4cee9bdfb09ba0a85a5622f91915991b8f1814a37ae32c7842f059d7cc1ac48

MD5 hash:

a8e981dd2ac45cca14c24f672e812501

SHA1 hash:

416cb2454b0e193913f790fda567637742512afc

Link:

https://www.unpac.me/results/cacbe89d-f2a1-4abf-85b2-70845a52f125/

SH256 hash:

88e1fbd4e5494e3c2766300e8bab97edb08f3c7315c3d914b7d8b2dac25f8986

MD5 hash:

43a0526a928f9daca9c953221406af8e

SHA1 hash:

34fdd0d94ecfe8c887ebb164068579013d2c611b

Link:

https://www.unpac.me/results/cacbe89d-f2a1-4abf-85b2-70845a52f125/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.51

Link:

https://yomi.yoroi.company/submissions/88e1fbd4e5494e3c2766300e8bab97edb08f3c7315c3d914b7d8b2dac25f8986

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_EXE_Packed_Fody Create hunting rule
Author:	ditekSHen
Description:	Detects executables manipulated with Fody

Rule name:	pdb_YARAify Create hunting rule
Author:	@wowabiy314
Description:	PDB

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 88e1fbd4e5494e3c2766300e8bab97edb08f3c7315c3d914b7d8b2dac25f8986

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2305967/

URLhaus

https://urlhaus.abuse.ch/url/2402934/

Cape

https://www.capesandbox.com/analysis/330168/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample