MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8fe82a75e04b5862cc442c52304af1f710b24cd13138739e94559fcb2e0a4da7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8fe82a75e04b5862cc442c52304af1f710b24cd13138739e94559fcb2e0a4da7
SHA3-384 hash: 9c474987e61b020330a2b4f84f666b16ab6e075e17e9ee3a65f5c9ec30de1b5493042d378e1512405aa399f9c6da0f3a
SHA1 hash: 784fc5d7b1c3da035305063c17cabc4db600c35c
MD5 hash: 2dde1f40af3beb9d252cd0c2ea8cc26d
humanhash: oven-mike-tennessee-hawaii
File name:file
Download: download sample
File size:601'088 bytes
First seen:2023-07-14 09:01:20 UTC
Last seen:2023-07-15 01:40:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:JL8wdmnqfZA+uppEt+bhAbTG/yEbAK/O+0tiTb1s:V8wdCqfZWpOt+FAbKKEbS+00+
Threatray 4 similar samples on MalwareBazaar
TLSH T1B7D4010493E9117EE67A4E394C3C14EA452DEC7668ABD3FA5500A81A1DF37F08F11EB2
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter andretavare5
Tags:85-217-144-143 exe


Avatar
andretavare5
Sample downloaded from http://85.217.144.143/files/Ads.exe

Intelligence

File Origin
# of uploads :
25
# of downloads :
309
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-07-14 09:04:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/10a03c8e-dcf9-4fc3-9c62-b13aa2af1268

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/418681/
Detection(s):
SecuriteInfo.com.Heuristic.HEUR.AGEN.1313918.28815.7831.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/64b10f0b58d62e49a2fddcd4/reports/81e3ad3c-312d-4bd3-a0dc-cd5e2c1037ac/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/8fe82a75e04b5862cc442c52304af1f710b24cd13138739e94559fcb2e0a4da7
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/07a29ff4-45fe-44c0-9bc2-66ddf7274138
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1273046
Signature
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8fe82a75e04b5862cc442c52304af1f710b24cd13138739e94559fcb2e0a4da7/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-14 09:02:09 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r7ucu5pajnmgftcefrjdasxr64iletgrge4hhhuukwp4wlqkjwtq._file
Verdict:
malicious
Similar samples:
bbb8fbbb20bebbfaa7b103359319cd5e20b967748c079303f396f236a92e00b3
c60a3dc5ebf562425740e1b942f17ee9aabd2150d8399213e810ae2f79fa776c
e853cf3b859652da4cfc02fd2c58a2f1a147e206ec57c3097be7d297c33ef754
eb51def4151ae6c16d06ebb7e170dc7f1910932c172cf9aa1719d3d6bbc043b5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230714-kzftgadg5s/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
8fe82a75e04b5862cc442c52304af1f710b24cd13138739e94559fcb2e0a4da7
MD5 hash:
2dde1f40af3beb9d252cd0c2ea8cc26d
SHA1 hash:
784fc5d7b1c3da035305063c17cabc4db600c35c
Link:
https://www.unpac.me/results/af5f183f-af8c-4ccd-a35f-313b7ba27d96/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2681759/
Cape
Cape
https://www.capesandbox.com/analysis/418681/

Comments