MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cbf3b568724d618057aab89ae62d13436c75d4a5306388a932bbe7c287ae08e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8cbf3b568724d618057aab89ae62d13436c75d4a5306388a932bbe7c287ae08e
SHA3-384 hash: 3db90e3517a8bf0ed42c553260a031691e08a31c56e9dcb8f14d75c6e84a1c29fc58f4e3b8b3d8f55ebb2c3f959fff5c
SHA1 hash: 2d3277c6daa3e39d96412bc0fdcf47ef31a6eecc
MD5 hash: c80231e270d81e31b1fb40230179e571
humanhash: diet-lactose-alabama-fish
File name:8c.exe
Download: download sample
File size:4'593'152 bytes
First seen:2022-10-24 12:44:06 UTC
Last seen:2022-10-24 14:18:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f95be13f6d8877c1727982fd4a08bd6a
ssdeep 98304:8+xNkq2DRM9M3d6MjgXT1/JzSWqQNMcdu:8skq2DRMmdRjAxBSWWcdu
Threatray 46 similar samples on MalwareBazaar
TLSH T18626BE52A3A400F8D4B7D138C9579627E7B2B81513709BDB13E8867A2F23BE15E3E711
TrID 90.1% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
4.8% (.EXE) Win64 Executable (generic) (10523/12/4)
2.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
0.9% (.EXE) OS/2 Executable (generic) (2029/13)
0.9% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter 0x746f6d6669
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
195
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8c.exe
Verdict:
No threats detected
Analysis date:
2022-10-24 12:47:33 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/204f14d9-cd49-4fca-a4ed-1bffb0b67e35

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/323416/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.63063444.19106.20173.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Sending a custom TCP request
DNS request
Running batch commands
Unauthorized injection to a recently created process
Searching for the browser window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ac202e37-42d8-4ff7-9eb6-b1c0b36c894f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1096535
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 729178 Sample: 8c.exe Startdate: 24/10/2022 Architecture: WINDOWS Score: 56 27 discord.com 2->27 43 Antivirus / Scanner detection for submitted sample 2->43 45 Multi AV Scanner detection for submitted file 2->45 8 8c.exe 13 2->8         started        signatures3 process4 dnsIp5 35 keyauth.win 188.114.96.3, 443, 49702 CLOUDFLARENETUS European Union 8->35 37 127.0.0.1 unknown unknown 8->37 11 chrome.exe 17 1 8->11         started        14 conhost.exe 8->14         started        16 cmd.exe 1 8->16         started        18 2 other processes 8->18 process6 dnsIp7 39 192.168.2.1 unknown unknown 11->39 41 239.255.255.250 unknown Reserved 11->41 20 chrome.exe 11->20         started        23 chrome.exe 11->23         started        25 chrome.exe 1 6 11->25         started        process8 dnsIp9 29 clients.l.google.com 142.250.181.238, 443, 49703 GOOGLEUS United States 20->29 31 accounts.google.com 142.250.185.173, 443, 49705 GOOGLEUS United States 20->31 33 4 other IPs or domains 20->33
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8cbf3b568724d618057aab89ae62d13436c75d4a5306388a932bbe7c287ae08e/
Threat name:
Win64.Hacktool.KernelDrUtil
Create hunting rule
Status:
Malicious
First seen:
2022-10-23 21:23:48 UTC
File Type:
PE+ (Exe)
Extracted files:
18
AV detection:
20 of 26 (76.92%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rs7twvuhetlbqbl2voe24ywrgq3moxkkkmddrcutfo7hykd24cha._file
Verdict:
malicious
Similar samples:
1b62679a7dd555ec5a3c8dd0641a7b3c99c11263a4f3d8a4c256965bdc75ecbd
36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649
39b74b2fb057e8c78a2ba6639cf3d58ae91685e6ac13b57b70d2afb158cf742d
61f1194b2b3a4dc3b4861a5a61c8dc58bce93a0ad0b18f61c8d66dbdbc04972c
73e926ed57eae4d7da49906fc5a8a0cc9507c5e3481e1146be98aaa1514773fc
abbd8e97919bf5dabe526d37016b01747a77bb0ad78938f63bf4e1c47b7e6cd6
afa9cfebde15f911aa345d129893fa0efcff73cb3b19fcd1ff39a252f7ac9496
b14cde376a8a7a9d7ad34cdfd07108c132ad8be7f60c5c0a0f17b6b63eb28b49
dd2c79491a5466aef59ef1d9b4499ead0804e42c524a643569ca7a8481748f09
eee0f2f6b2524498f8287f95dd184828a044677700d61e2c0a109866f3dd504d
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/221024-py2rrsggdn/
Behaviour
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Unpacked files
SH256 hash:
8cbf3b568724d618057aab89ae62d13436c75d4a5306388a932bbe7c287ae08e
MD5 hash:
c80231e270d81e31b1fb40230179e571
SHA1 hash:
2d3277c6daa3e39d96412bc0fdcf47ef31a6eecc
Link:
https://www.unpac.me/results/8d0baac5-2a88-4167-be06-f6dc02c1c2ff/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8cbf3b568724d618057aab89ae62d13436c75d4a5306388a932bbe7c287ae08e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:dsc
Create hunting rule
Author:Aaron DeVera
Description:Discord domains
Rule name:meth_stackstrings
Create hunting rule
Author:Willi Ballenthin
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/323416/

Comments