MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c8946de373b0f3a3566acffb6d99d860bc8aa19cdc2e401d3f2b7588529e490. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c8946de373b0f3a3566acffb6d99d860bc8aa19cdc2e401d3f2b7588529e490
SHA3-384 hash: 32807e0186fd2b1be2b9f2386157c13b4bfba7c469fbde643063e318c7d79a20a26b4ea749ae105e75c34eaa41f568f2
SHA1 hash: 69b1e1e4f9e2a726db38bdacb58aeba88e8a2d57
MD5 hash: 61232fa66d9e552ce75067fc3438b671
humanhash: one-lactose-nevada-black
File name:61232fa66d9e552ce75067fc3438b671.exe
Download: download sample
File size:984'064 bytes
First seen:2022-03-04 19:14:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 12288:nq+G0h0xnsdvVUxPVnWjEhKRPubuBXr1gk0BhlBK6ha41l5w09bEmixFSEY8fomv:nqZMaur
Threatray 5'715 similar samples on MalwareBazaar
TLSH T10A253C53BA81B05DDA250EBFDF82F9B346979E56CB40840D11F73CA372229B0B976097
File icon (PE):PE icon
dhash icon 4c972b1d69657979
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
252
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/247426/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.38954826.6971.31874.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
DNS request
Creating a file in the Windows directory
Сreating synchronization primitives
Creating a process from a recently created file
Creating a file
Running batch commands
Launching a process
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b1d66c00-d29e-44b5-a291-bca2a224410a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
69 / 100
Link:
https://www.joesandbox.com/analysis/951029
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Creates an autostart registry key pointing to binary in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c8946de373b0f3a3566acffb6d99d860bc8aa19cdc2e401d3f2b7588529e490/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-11-20 09:12:29 UTC
File Type:
PE (.Net Exe)
Extracted files:
31
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
22cae78091c21f20872225afc645fa37d80d3b321cd9ba7a6fa1c903689f9fea
32bf6a730cca597011b8e619bad0168190337b8e96db09e2fe214b436d8f2f69
35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282
361ced68c7680745d536ecd6a4c9dcbc867234c4fe10e419553d24a2514c3840
37728370446782dda4fd81f1bbcbe8759e00cc6d03aa4eb4822e73b02a8ce67a
488aeadb7b5bfdcf2b7bf7f25518f6ccaf136e90bf81409838d7f8051938d076
49cfe3e8ec06fb6fc1616f2113eec3aed85ec58a24798690a493a23d0a85f7b0
5d8823c74c9bd0d2b25fd7d4443d4652cb92c2513c6e5e339884619052672880
5ed80f3e0c9d4c92b05864fafffd410becd10235c0cb34cd1ac46090dc83f293
6e46c37c824f13c573fea62962c995f2e614c4751db1102e842033c176014378
+ 5'705 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/220304-xx8spaffc5/
Behaviour
Runs ping.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Adds Run key to start application
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
2e9029ce680f52d19d8355417e4f577bc1a69f8250f771d3ddb875f9fb586bdc
MD5 hash:
0c7f9a04230c424cba08e0977852932b
SHA1 hash:
adb281fa5deee89800ddf68eea941a6b8cf6f38e
Link:
https://www.unpac.me/results/1686114c-6be6-487c-944b-4070c89609ce/
SH256 hash:
277de1bcbdb84a36e0fe86df6a38a0aaa3cd594c7f60469356199f9295388d6d
MD5 hash:
402d7c691a2433bc3a9e20c0d89b6177
SHA1 hash:
771bd69df5df84ba5d568866a58b04bcb3a7be96
Link:
https://www.unpac.me/results/1686114c-6be6-487c-944b-4070c89609ce/
SH256 hash:
8c8946de373b0f3a3566acffb6d99d860bc8aa19cdc2e401d3f2b7588529e490
MD5 hash:
61232fa66d9e552ce75067fc3438b671
SHA1 hash:
69b1e1e4f9e2a726db38bdacb58aeba88e8a2d57
Link:
https://www.unpac.me/results/1686114c-6be6-487c-944b-4070c89609ce/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/8c8946de373b0f3a3566acffb6d99d860bc8aa19cdc2e401d3f2b7588529e490

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/247426/

Comments