MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c5bb06a9abb3181c9077a0dae34ba248d1f0beed0f6c6b8f816b0ccc2fa5775. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	8c5bb06a9abb3181c9077a0dae34ba248d1f0beed0f6c6b8f816b0ccc2fa5775
SHA3-384 hash:	a55a4fb3e75a4bd7c83822743a5001736fbe28a4807e9fd16c654089980e945230100f821ebfe93c38025444cabddca1
SHA1 hash:	1a8f37127e903d6f0b97c3951521a90dd3cd272e
MD5 hash:	c6a119b86fd7ebcfcd837e6d2e346982
humanhash:	nineteen-rugby-dakota-mexico
File name:	file
Download:	download sample
File size:	98'304 bytes
First seen:	2024-08-31 22:36:50 UTC
Last seen:	2024-08-31 23:03:56 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep	1536:1iXSdgLYWcbbfMyEoP+fJ8Ta+nOSvL6RLhwLtZkHImm+xMI4KATlNp6BC7du2mK5:qLYTbkZ2+R8T9nOSvWCrkHptmI4xTzpX
TLSH	T135A312C99FA5E9B0C4A74B72C512805A2133CD9AD673CC68A24B3DD4E75F5396AF0F02
TrID	27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 20.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.6% (.EXE) Win32 Executable (generic) (4504/4/1) 8.5% (.ICL) Windows Icons Library (generic) (2059/9) 8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	Bitsight
Tags:	exe

Bitsight

url: http://31.41.244.11/steam/random.exe

Intelligence

File Origin

# of uploads :

# of downloads :

477

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66d39b13ad7abf2db5cfb02f

Tags:

Encryption

Result

Verdict:

Clean

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

microsoft_visual_cc overlay packed

Link:

https://www.filescan.io/uploads/66d39b10810ee8da80231279/reports/4858b389-cf69-4c61-8e7f-4e1d6101f73e/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/8c5bb06a9abb3181c9077a0dae34ba248d1f0beed0f6c6b8f816b0ccc2fa5775

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/d1dec57a-ed03-4388-892f-64c2ebbde5f1

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1502340

Signature

AI detected suspicious sample

Machine Learning detection for sample

PE file contains section with special chars

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/8c5bb06a9abb3181c9077a0dae34ba248d1f0beed0f6c6b8f816b0ccc2fa5775

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8c5bb06a9abb3181c9077a0dae34ba248d1f0beed0f6c6b8f816b0ccc2fa5775/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rrn3a2u2xmyydsihpig24nf2esgr6c7o2d3mnohyc2ymzqx2k52q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240831-2jslrszanr/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/a3a25e62-71b2-490a-9fc6-f782b1e5d6d0

Unpacked files

SH256 hash:

8c5bb06a9abb3181c9077a0dae34ba248d1f0beed0f6c6b8f816b0ccc2fa5775

MD5 hash:

c6a119b86fd7ebcfcd837e6d2e346982

SHA1 hash:

1a8f37127e903d6f0b97c3951521a90dd3cd272e

Link:

https://www.unpac.me/results/8d45a14f-35b4-42a3-8931-e4d016ca8a02/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8c5bb06a9abb3181c9077a0dae34ba248d1f0beed0f6c6b8f816b0ccc2fa5775

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 8c5bb06a9abb3181c9077a0dae34ba248d1f0beed0f6c6b8f816b0ccc2fa5775

(this sample)

Dropped by

Amadey

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3120904/

URLhaus

https://urlhaus.abuse.ch/url/3120910/

URLhaus

https://urlhaus.abuse.ch/url/3120900/

URLhaus

https://urlhaus.abuse.ch/url/3114824/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample