MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7
SHA3-384 hash:	b65d37c3210246064b3d65ddfeafffa220fb06333b5b86d24c676d401c60eea836bf25369c94713c56995eb8f235963e
SHA1 hash:	9ac886d9a47d853c745b8ee2bf05b0daf549b7f8
MD5 hash:	16d69d752dfb1211e0e67596d59caca1
humanhash:	whiskey-harry-stairway-oscar
File name:	16d69d752dfb1211e0e67596d59caca1
Download:	download sample
Signature	Havoc Alert Create hunting rule
File size:	424'859 bytes
First seen:	2023-12-14 08:13:44 UTC
Last seen:	2023-12-14 10:23:55 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5295d583c9853102cc64559e29002d53 (3 x Havoc)
ssdeep	6144:qPK11eSPZUfxfEYpeHSybVVmAyS+EKnkG2Rut2GKVu3iE5HyTivqmogOKw1eo1:qm1DZUfxfEYp0SviMk1IohJPWlBE1
Threatray	11 similar samples on MalwareBazaar
TLSH	T1F8946C90B644FDF5EC9A8BB410D2630993B9F0C19B19EF2F6520FE3C055EB98993354A
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	zbetcheckin
Tags:	64 exe Havoc

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

301

Origin country :

FR

Vendor Threat Intelligence

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/467423/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.3441.17642.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Dragonfly

Gathering data

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

anti-debug crypto greyware overlay packed

Link:

https://www.filescan.io/uploads/657ab9513f60a8103491306c/reports/c27d3a2d-cb5c-48ac-8858-38b7752517a2/overview

Hybrid Analysis Win/malicious_confidence_100%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Havoc

Malware family:

Havoc

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8388209c-22b1-42c8-b3d0-30eab528aa52

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1362021

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7/

ReversingLabs TitaniumCloud Win64.Backdoor.Havoc

Threat name:

Win64.Backdoor.Havoc

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-13 06:38:05 UTC

File Type:

PE+ (Exe)

AV detection:

18 of 23 (78.26%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rqf6l6b45k6qeekp7ypkz7sz54arxqe74cfe5mrmntau7pmaxttq._file

Threatray malicious

Verdict:

malicious

Similar samples:

048cdec89a97f5751c55d1b458fd0ee81be632f23a6df3aaac33172a1dad2289

Havoc

206636cc3e595d020c3fb557356566da123ee9a9f59e02c7fbf5ac32acfb80bb

Havoc

575343d1c8d28e40312688587eaa87035821c94d854b80fce362bd462b1cf874

Havoc

7c6bd535738cf0b1a2e8c259e52e271ee2199e22ae50ce311ff0809e237548d1

Havoc

8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7

Havoc

bb466b4f503c00221425ef7e6286f5b5dfc0e6da68bf4653ff5e9c78869ce059

Havoc

e2762ea7c59520a1a989cb3d6798b00ffba323e82a5db2cd0f778573feddfa60

Havoc

+ 1 additional samples on MalwareBazaar

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/231214-j4zlpsdgc9/

UnpacMe

Unpacked files

SH256 hash:

8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7

MD5 hash:

16d69d752dfb1211e0e67596d59caca1

SHA1 hash:

9ac886d9a47d853c745b8ee2bf05b0daf549b7f8

Link:

https://www.unpac.me/results/57c1e0e3-7cf5-47d1-8520-fff07308c05e/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Trojan

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Havoc

exe 8c0be5f83ceabd02114ffe1eacfe59ef011bc09fe08a4eb22c6cc14fbd80bce7

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2740485/

Cape

https://www.capesandbox.com/analysis/467423/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-14 08:13:45 UTC

url : hxxp://113.52.134.114/fol4.exe