MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d7ef36c8b47090ad62186cf92e3d31351989c54e53f1c161e027923c26aa206. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d7ef36c8b47090ad62186cf92e3d31351989c54e53f1c161e027923c26aa206
SHA3-384 hash: 1e1f2a77f37c4290425ed1ad67fb1465d761946939a4508b7e27d348f193fee1d1bf349edb6bc0f224edbfb42e9bc959
SHA1 hash: 35d659f129f098ca8aa1ea867a60e41b8dc78ff4
MD5 hash: 2646b91798b706a0c7b98b98c6c84c90
humanhash: oklahoma-avocado-speaker-florida
File name:2646b91798b706a0c7b98b98c6c84c90
Download: download sample
File size:262'776 bytes
First seen:2022-01-20 16:32:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep 6144:ownmCjcAexizK5he8Sfb6Yp3qUZ9LYHUrf4XFA:C2cAmiGnL+b6YcIY0YFA
Threatray 2'869 similar samples on MalwareBazaar
TLSH T10B4423561DD1A4AFC5D61AB41FB69F5BD37C7A024B800F0BDBA67F9B2C710834622287
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BOSFA Pty -Project File - PRICE REQUEST Ref#938019.94 Australia.xlsx
Verdict:
Malicious activity
Analysis date:
2022-01-13 18:16:49 UTC
Tags:
encrypted opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/bc624e1b-3e91-492e-9bbd-409c099d75b4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/221163/
Detection(s):
SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a file
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe expand.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61e98ec20f8c757253d13e03/reports/8d7f2ab2-6448-48f6-99c8-0ed5ece2291d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/844aa455-9058-44e9-b523-d658644a8fa5
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/924568
Signature
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d7ef36c8b47090ad62186cf92e3d31351989c54e53f1c161e027923c26aa206/
Threat name:
Win32.Spyware.Obfusinjector
Create hunting rule
Status:
Malicious
First seen:
2022-01-14 14:20:17 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
29 of 42 (69.05%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
32202111654172f16eab4a33849af61e651680218d44e657b719b56789976561
5bb063ee2622e4f4e0d61535b8ddc6acd3e5674d4ef098bb4b595f1bb61b847e
75e51d5e7662ad2c7ee23822ebf5246ce2d3257734ef87883f57bbcffe13c5d2
841f9f73c023feb0be61101b2c25b5405d7f999a756721d88feb146038c9dbda
99338ec37cc70fb66ff95728e7db06e320cc70cfd64236346bc623f0777c5345
c0904a36e97e50225bc8ab11f7a9c588ebc758b1dc624d39d94da1f5268b847e
c65cf48fc08b19589a00110bc5c3c8eab2b3f41018ca606616b0d10fece7b2f8
d8722ea25b272799308ed667084a5080de6cce80ca8820c2685bf631aacbf8cf
+ 2'859 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220120-t2hwaaafgm/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Loads dropped DLL
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
5e69b916cb702d9d0a8862b1e1e3d466a842330576ddc6483b334381bd5b8a91
MD5 hash:
855726806374c6bf8d19c3fc63412960
SHA1 hash:
d01c6188a6db61d9fff7813715bba718bd095cac
Link:
https://www.unpac.me/results/9a1c2680-1c97-4ea9-9b51-f7312e9add43/
SH256 hash:
8d7ef36c8b47090ad62186cf92e3d31351989c54e53f1c161e027923c26aa206
MD5 hash:
2646b91798b706a0c7b98b98c6c84c90
SHA1 hash:
35d659f129f098ca8aa1ea867a60e41b8dc78ff4
Link:
https://www.unpac.me/results/9a1c2680-1c97-4ea9-9b51-f7312e9add43/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.43
Link:
https://yomi.yoroi.company/submissions/8d7ef36c8b47090ad62186cf92e3d31351989c54e53f1c161e027923c26aa206

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8d7ef36c8b47090ad62186cf92e3d31351989c54e53f1c161e027923c26aa206

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/221163/
  
URLhaus
https://urlhaus.abuse.ch/url/1993144/

Comments


Avatar
zbet commented on 2022-01-20 16:32:31 UTC

url : hxxp://103.133.109.181/oswindows11/vbc.exe