MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89
SHA3-384 hash:	583e0523bb22329e046c5b9472e4f9d850e9281e841e4d94491474dcf74eaa170bcbf8bb644005d882fe9e939b39ba33
SHA1 hash:	582db3ecb19c62975772cbde9b2b97888ef7b097
MD5 hash:	220427ccd450638df243193a8ba34f23
humanhash:	island-massachusetts-carolina-connecticut
File name:	220427ccd450638df243193a8ba34f23
Download:	download sample
Signature	Havoc Alert Create hunting rule
File size:	1'035'928 bytes
First seen:	2023-12-14 08:14:00 UTC
Last seen:	2023-12-14 10:23:57 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	bc3dde5bfd8628ae140056ffcca67115 (4 x Havoc, 1 x Cobalt Strike)
ssdeep	24576:qtFiVP1PH+UqAb2n6MQE3hfhJhhKh1hhhhSehhFhhhUhgzA:qtFiVP1PH+qYQE+zA
Threatray	31 similar samples on MalwareBazaar
TLSH	T17F254B1BE76344EDCA7AC070876B9372BE74F82502346A2E1F54CB351F25E605A6EB34
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	zbetcheckin
Tags:	64 exe Havoc

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

300

Origin country :

FR

Vendor Threat Intelligence

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/467427/

ClamAV Detected

Detection(s):

SecuriteInfo.com.W32.PossibleThreat.3775.21267.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Dragonfly

Gathering data

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

anti-debug crypto greyware havoc overlay packed

Link:

https://www.filescan.io/uploads/657ab9565937bfdbca10d70a/reports/87a1e3bf-93e5-417a-a304-3d45d388065d/overview

Hybrid Analysis Win/malicious_confidence_100%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Havoc

Malware family:

Havoc

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/63e31a4d-9ab1-434b-a23a-fe33530eb0a5

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1362017

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

99%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89/

ReversingLabs TitaniumCloud Win64.Trojan.Scarletflash

Threat name:

Win64.Trojan.Scarletflash

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-13 06:40:14 UTC

File Type:

PE+ (Exe)

AV detection:

14 of 23 (60.87%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rms5aczni5vbelegtzm3xq7qmnodnvmqm2qs5z5akrldmatzjkeq._file

Threatray malicious

Verdict:

malicious

Similar samples:

30979d6192d60158768f4bf3955399bf3289592403b4899fe7fe5de57d6e664a

Havoc

5850d3b23060abb351ae9dafecfe7c19c9e890004f4c14f8ee7d164838fc356b

Havoc

5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db

Havoc

8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89

Havoc

a9180fb79d272c7f05692d692beb8436aa131fde1c4390e6942c502b6333e6c6

Havoc

b8c1ef5da202475f7113c36a014ebeda72a235c4ed16b2ba0244ee95c6e44053

Havoc

e5678edaa33ccb76eb24df35029b65d60c36908113067f66023c3fc548970036

Havoc

ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622

Havoc

+ 21 additional samples on MalwareBazaar

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/231214-j4zlpscdem/

UnpacMe

Unpacked files

SH256 hash:

8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89

MD5 hash:

220427ccd450638df243193a8ba34f23

SHA1 hash:

582db3ecb19c62975772cbde9b2b97888ef7b097

Link:

https://www.unpac.me/results/2a060794-fd98-48d0-b592-696123d49cb3/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Trojan

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Havoc

exe 8b25d00b2d476a122c869e59bbc3f0635c36d59066a12ee7a054563602794a89

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2740494/

Cape

https://www.capesandbox.com/analysis/467427/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-14 08:14:01 UTC

url : hxxp://113.52.134.114/fol5.exe