MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b366eb1d6c2c558154131e350708add274315d91733f89a29d8306f53c4d09c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b366eb1d6c2c558154131e350708add274315d91733f89a29d8306f53c4d09c
SHA3-384 hash: cfa3cdc164733906bdd4e250b859c641f8c29397c9a17c048402a4a6cab60a4d02e2eca6619ce01f23be9cd2f1bccd79
SHA1 hash: 11e1917f50e5234ee61251d0ce258221d4b9eb16
MD5 hash: b293c3038385e59e5fe7d851b53dc76b
humanhash: venus-washington-video-lake
File name:b293c3038385e59e5fe7d851b53dc76b
Download: download sample
File size:22'767'744 bytes
First seen:2021-08-23 14:01:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9d1f0da408c33eebb70b9bfa17b7fddc (4 x njrat, 1 x Jadtre)
ssdeep 393216:YfVI3PkpFSHq5Gc2Rc1ljkXSgdqNzZi8KaNz4sAmF6qB/4Vq9QD11E/INYtX38zq:cVI/qk02sp0Sgdr5a5KrVq+RNzzCgi
Threatray 149 similar samples on MalwareBazaar
TLSH T19F3733A6A1F1D03EFAE3547641D7C2707BB3CFA00A269A63BF49012F6A91D935707D12
dhash icon cdabae6fe6e7eaec (20 x Amadey, 9 x AurotunStealer, 8 x CoinMiner)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b293c3038385e59e5fe7d851b53dc76b
Verdict:
Suspicious activity
Analysis date:
2021-08-23 14:34:13 UTC
Tags:
installer
Link:
https://app.any.run/tasks/9cf6195b-ccd6-43a2-a9fb-f67dd16cfb77

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating a file in the Windows subdirectories
Sending a UDP request
Result
Verdict:
MALICIOUS
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/837580
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
May modify the system service descriptor table (often done to hook functions)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Virus.Kudj
Create hunting rule
Status:
Malicious
First seen:
2021-08-11 23:38:11 UTC
AV detection:
33 of 46 (71.74%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
09f671389b1751b349057fbb454c9a8263e95fbb8af54f47a016abad4a925472
329e8814efa351d1c58c275981a39cf0a9ef0f50d8eb8db9bbb8f70020d75204
3494fdebd477fb45b537334f415f6e7b56ad7aa2764f80472ee7cb705d30eb65
4d4b219a3788d8e40bd7083d421e3d7d399a065bd53afb6e74d3fb7ab2bc09bd
63cbb3daa3fbb2b799f43c4a7dda4515e65d6a1c56a3009f69d1d1f783e66847
7097b016e2aead3d213343e1de7332fddc4d83e2e8c2f8329460738cb2dbea4d
79ffbaa84a7808f62c8d2453e7e7ad96312da7e7b2e0b62c02d38f4de75eb3ca
9e2bea46ed015f98e1fb7591e83f1cac52c51f5e3f004cc6a57c508dcef134e0
a502a65ea5e9af77a83922384dac18241694857619a642c1543237be89d1c2da
c03f737cb9dc57529e3536275c757f76137b7407bd1ca4fd2f1c7f3029491c13
+ 139 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210823-dv3ggqtk6n/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8b366eb1d6c2c558154131e350708add274315d91733f89a29d8306f53c4d09c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8b366eb1d6c2c558154131e350708add274315d91733f89a29d8306f53c4d09c

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1557431/

Comments


Avatar
zbet commented on 2021-08-23 14:01:37 UTC

url : hxxp://185.107.96.180/patches/7213.exe