MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ebd7e4552db6ffe8e2ba6bccc7a0929c34635e10493ca9d5a6c44d268436778. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Bitter


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ebd7e4552db6ffe8e2ba6bccc7a0929c34635e10493ca9d5a6c44d268436778
SHA3-384 hash: 54b86d86dcb394851ed34a729e51628d6f12968782638095f77f9c11b95782dbed8ca59032bc3e16c92396fd9ef070f2
SHA1 hash: 99f555b391dd93d1cd4811dbcc497d0c576b471b
MD5 hash: ba86203015619424653b46139f9db746
humanhash: bacon-cold-monkey-mountain
File name:xe
Download: download sample
Signature Bitter
Create hunting rule
File size:53'248 bytes
First seen:2022-05-13 07:48:45 UTC
Last seen:2025-02-22 08:43:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 27932183e3db07698d1b6421715dd755 (1 x Bitter)
ssdeep 768:1aJgtWtyoXNLhU0Kvp266vOR/rm99ZU9YYd:1aW8tyoXN1UvkOxUPY
Threatray 2 similar samples on MalwareBazaar
TLSH T1C833C612AA024511F71D0B701A12FAE049A9AE3D2AE5F59FF778BD392C321839D7714F
TrID 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 00928bd3d353a640 (9 x Bitter)
Reporter JAMESWT_WT
Tags:apt Bitter exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
318
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/270324/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Сreating synchronization primitives
Launching a service
Searching for the window
Creating a file
Creating a window
DNS request
Creating a file in the system32 directory
Sending a custom TCP request
Creating a process from a recently created file
Sending a UDP request
Enabling autorun by creating a file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/17460/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware shell32.dll update.exe
Link:
https://www.filescan.io/uploads/627e0d7340028d3247d010f7/reports/a50269be-e7d9-4524-8561-0224a53433af/overview
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/32b56fac-1a81-487c-906a-b50875de814e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/993386
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8ebd7e4552db6ffe8e2ba6bccc7a0929c34635e10493ca9d5a6c44d268436778/
Threat name:
Win32.Downloader.Tnega
Create hunting rule
Status:
Malicious
First seen:
2022-03-03 02:17:00 UTC
File Type:
PE (Exe)
Extracted files:
21
AV detection:
28 of 41 (68.29%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r26x4rks3nx75drlu26my6qjfhbumnpbasj4vhk2nrcne2cdm54a._file
Verdict:
malicious
Similar samples:
81daafd1fe82aa9bd555418f56f8330bbd4c204160bdbe99400e8238ee574335
Bitter
b026a255b2e17fb0c608f1265837e425ea89cc7f661975c6a0d9051e917f4611
Bitter
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/220513-jnnt9sgedj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Drops startup file
Loads dropped DLL
Executes dropped EXE
suricata: ET MALWARE APT/Bitter Related Checkin Activity (GET)
Unpacked files
SH256 hash:
8ebd7e4552db6ffe8e2ba6bccc7a0929c34635e10493ca9d5a6c44d268436778
MD5 hash:
ba86203015619424653b46139f9db746
SHA1 hash:
99f555b391dd93d1cd4811dbcc497d0c576b471b
Link:
https://www.unpac.me/results/a423024f-d509-4e5b-8f98-78940442d977/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8ebd7e4552db6ffe8e2ba6bccc7a0929c34635e10493ca9d5a6c44d268436778

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Bitter

Executable exe 8ebd7e4552db6ffe8e2ba6bccc7a0929c34635e10493ca9d5a6c44d268436778

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/270324/
  
URLhaus
https://urlhaus.abuse.ch/url/2192744/
  
Delivery method
Distributed via web download

Comments