MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8980cdbe1758699564fbda64e27ef1f03348b60216d4d581aae650839a12ee93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8980cdbe1758699564fbda64e27ef1f03348b60216d4d581aae650839a12ee93
SHA3-384 hash: 107e382e0c4ec6f26f56b0830248f81b6fcf2c9c33dda22700549fcbb3c80d0bf2d60168b069d83db10005d15c5c92fa
SHA1 hash: 4b175910d0d6d2c5228cdb54ab8d92bb4149a382
MD5 hash: 92907b257d087fa3e9fa0a72dc15772e
humanhash: sixteen-romeo-happy-jig
File name:92907b257d087fa3e9fa0a72dc15772e.exe
Download: download sample
File size:2'671'903 bytes
First seen:2023-11-13 17:12:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f4639a0b3116c2cfc71144b88a929cfd (96 x GuLoader, 53 x Formbook, 37 x VIPKeylogger)
ssdeep 49152:Ch2s5FXQ4EmojLjCRELVf7Avil+dHIsLp1thIikN+6u2hsT:C3zX71oDCRAZUviAHImDqia7hsT
TLSH T17BC52300B241DC42DDB906F41C6AE2BA50743FBB641EB56337817AFE2AF2E31954F256
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 80a4a6a4a6a6a480 (1 x RustyStealer)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
286
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/458392/
Detection(s):
SecuriteInfo.com.Malware@#1o2coqjl0l2yj.2594.21486.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Searching for the window
Gathering data
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/6552592a6f0bce33263826cb/reports/773bf972-14fb-4a8e-b5fc-2e2cc54c91cf/overview
Verdict:
Malicious
Labled as:
Doina.Generic
Link:
https://www.hybrid-analysis.com/sample/8980cdbe1758699564fbda64e27ef1f03348b60216d4d581aae650839a12ee93
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Melcoz
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7360b433-cdb8-4bbf-a907-584660cfb92a
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1341866
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
96%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/8980cdbe1758699564fbda64e27ef1f03348b60216d4d581aae650839a12ee93
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8980cdbe1758699564fbda64e27ef1f03348b60216d4d581aae650839a12ee93/
Threat name:
Win32.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2023-11-12 13:37:20 UTC
File Type:
PE (Exe)
Extracted files:
113
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rgam3pqxlbuzkzh33jsoe7xr6azurnqcc3knlank4ziihgqs52jq._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231113-vreljseb5y/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
4f476493fa552079cb476fb1dc15b01db20edbf2a5fc04eee47febaf680419f9
MD5 hash:
8dbe208bacfa74d76332701fbe95899d
SHA1 hash:
3f8f0a6a736457de1c33827407edc998269050b0
Link:
https://www.unpac.me/results/53324783-3859-439b-bf0b-71f777511b4e/
SH256 hash:
8980cdbe1758699564fbda64e27ef1f03348b60216d4d581aae650839a12ee93
MD5 hash:
92907b257d087fa3e9fa0a72dc15772e
SHA1 hash:
4b175910d0d6d2c5228cdb54ab8d92bb4149a382
Link:
https://www.unpac.me/results/53324783-3859-439b-bf0b-71f777511b4e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8980cdbe1758699564fbda64e27ef1f03348b60216d4d581aae650839a12ee93

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8980cdbe1758699564fbda64e27ef1f03348b60216d4d581aae650839a12ee93

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2730062/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2730080/
Cape
Cape
https://www.capesandbox.com/analysis/458392/

Comments