MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c9611ab9a8a8dbc44f93e6f81cb2c46ed936cdde7fb88b9410d50bde750cfb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c9611ab9a8a8dbc44f93e6f81cb2c46ed936cdde7fb88b9410d50bde750cfb6
SHA3-384 hash: 7df5b2bc20e06e7877ca6592b303857a0ad9446fdb6f011f4d2ade2cb7812e6a435a516289dd931d2dd69c903181f8c9
SHA1 hash: cdac7286dd5c56183c384580f9f72f57fcbb38cf
MD5 hash: d9e402762e546c0046ad4748778472e1
humanhash: maine-social-twelve-kansas
File name:86HTe.exe
Download: download sample
File size:1'098'112 bytes
First seen:2020-04-23 12:22:11 UTC
Last seen:2020-12-06 08:00:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d803cf4cabab38ad6ac8123e3c7a53dd (2 x CobaltStrike, 1 x Quakbot)
ssdeep 24576:wpPg/wTlg6Xklt9e/Y/iIpNh6liEmE2CebHNpVffB:XwRg6X+twii8N0oCeLNbfB
Threatray 48 similar samples on MalwareBazaar
TLSH 1135D053B98184B2F0474972853AA73BBE357601B924CE87E7D45D280A73250EE3F76E
Reporter oppimaniac

Code Signing Certificate

Organisation:COMODO RSA Certification Authority
Issuer:COMODO RSA Certification Authority
Algorithm:sha384WithRSAEncryption
Valid from:Jan 19 00:00:00 2010 GMT
Valid to:Jan 18 23:59:59 2038 GMT
Serial number: 4CAAF9CADB636FE01FF74ED85B03869D
Intelligence: 10 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 52F0E1C4E58EC629291B60317F074671B85D7EA80D5B07273463534B32B40234
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8c9611ab9a8a8dbc44f93e6f81cb2c46ed936cdde7fb88b9410d50bde750cfb6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/220656/
  
URLhaus
https://urlhaus.abuse.ch/url/220605/
  
URLhaus
https://urlhaus.abuse.ch/url/221596/
  
URLhaus
https://urlhaus.abuse.ch/url/224302/
  
URLhaus
https://urlhaus.abuse.ch/url/224304/
  
URLhaus
https://urlhaus.abuse.ch/url/225775/
  
URLhaus
https://urlhaus.abuse.ch/url/230559/
  
URLhaus
https://urlhaus.abuse.ch/url/230560/
  
URLhaus
https://urlhaus.abuse.ch/url/230562/
  
URLhaus
https://urlhaus.abuse.ch/url/230563/
  
URLhaus
https://urlhaus.abuse.ch/url/230566/
  
URLhaus
https://urlhaus.abuse.ch/url/230567/
  
URLhaus
https://urlhaus.abuse.ch/url/231016/
  
URLhaus
https://urlhaus.abuse.ch/url/231061/
  
URLhaus
https://urlhaus.abuse.ch/url/231063/
  
URLhaus
https://urlhaus.abuse.ch/url/231065/
  
URLhaus
https://urlhaus.abuse.ch/url/231067/
  
URLhaus
https://urlhaus.abuse.ch/url/232101/
  
URLhaus
https://urlhaus.abuse.ch/url/232117/
  
URLhaus
https://urlhaus.abuse.ch/url/233129/
  
URLhaus
https://urlhaus.abuse.ch/url/233439/
  
URLhaus
https://urlhaus.abuse.ch/url/234977/
  
URLhaus
https://urlhaus.abuse.ch/url/234979/
  
URLhaus
https://urlhaus.abuse.ch/url/234993/
  
URLhaus
https://urlhaus.abuse.ch/url/235111/
  
URLhaus
https://urlhaus.abuse.ch/url/252019/
  
URLhaus
https://urlhaus.abuse.ch/url/348813/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/360962/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::AllocateAndInitializeSid
ADVAPI32.dll::CopySid
ADVAPI32.dll::EqualSid
ADVAPI32.dll::GetLengthSid
ADVAPI32.dll::InitializeSecurityDescriptor
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::SetSecurityDescriptorDacl
ADVAPI32.dll::SetSecurityDescriptorOwner
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteA
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
KERNEL32.dll::OpenProcess
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileMappingA
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileA
KERNEL32.dll::GetWindowsDirectoryA
KERNEL32.dll::GetSystemDirectoryA
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.dll::GetUserNameA
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyA
ADVAPI32.dll::RegCreateKeyExA
ADVAPI32.dll::RegDeleteKeyA
ADVAPI32.dll::RegOpenKeyA
ADVAPI32.dll::RegQueryValueExA
ADVAPI32.dll::RegSetValueExA
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuA
USER32.dll::CreateMenu
USER32.dll::EmptyClipboard
USER32.dll::FindWindowA
USER32.dll::OpenClipboard
USER32.dll::PeekMessageA

Comments