MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90432b31f3033989375ea42d6a1d7757b959969ba7e0c80ddbf1e766ff30e5f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Adware.ExtenBro


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 90432b31f3033989375ea42d6a1d7757b959969ba7e0c80ddbf1e766ff30e5f8
SHA3-384 hash: 14103f6e8011f9e886a2b07b64f936d744db5cb06b78325cdd0ba5ce7fd39297c17ffb4b1b1c539faa291af725c69221
SHA1 hash: 6c349df5451cd3dd26d6135e6150319d459baed8
MD5 hash: fc2603fce0fde81e2f9b1fe056d9d6f9
humanhash: michigan-quiet-kansas-lima
File name:SecuriteInfo.com.Trojan.GenericKD.43544658.14342.6821
Download: download sample
Signature Adware.ExtenBro
Create hunting rule
File size:1'588'120 bytes
First seen:2021-02-14 23:53:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep 24576:84nXu/QSDTV+Bnvu8tk9aP76dGKK0YF1I8Po3kJy5pIz0frpuIBpG2OBtSWd6+Z:8qeNVNhGJ0YF1I8P7Jop40jpv6gWF
Threatray 54 similar samples on MalwareBazaar
TLSH B675BE3FB268653ED5AA4B3245B39360997BBB61A81B8C1E07F0080DCF665701F3FA55
Reporter SecuriteInfoCom
Tags:Adware.ExtenBro

Intelligence

File Origin
# of uploads :
1
# of downloads :
207
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.GenericKD.43544658.14342.6821
Verdict:
Suspicious activity
Analysis date:
2021-02-14 23:54:59 UTC
Tags:
installer
Link:
https://app.any.run/tasks/d7dfad3e-0d81-4828-869b-dce1a68546e6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/117107/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

SecuriteInfo.com.Trojan.GenericKD.43544658.14342.6821.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
44 / 100
Link:
https://www.joesandbox.com/analysis/607678
Signature
Antivirus / Scanner detection for submitted sample
Bypasses PowerShell execution policy
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Sigma detected: Powershell download and execute file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Suspicious powershell command line found
Tries to download and execute files (via powershell)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 352869 Sample: SecuriteInfo.com.Trojan.Gen... Startdate: 15/02/2021 Architecture: WINDOWS Score: 44 43 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->43 45 Antivirus / Scanner detection for submitted sample 2->45 47 Sigma detected: Powershell download and execute file 2->47 49 5 other signatures 2->49 8 SecuriteInfo.com.Trojan.GenericKD.43544658.14342.exe 2 2->8         started        process3 file4 24 SecuriteInfo.com.T....43544658.14342.tmp, PE32 8->24 dropped 11 SecuriteInfo.com.Trojan.GenericKD.43544658.14342.tmp 24 21 8->11         started        process5 file6 26 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 11->26 dropped 28 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 11->28 dropped 30 C:\Program Files (x86)\Remembr\is-SD59F.tmp, PE32 11->30 dropped 32 C:\Program Files (x86)\Remembr\is-R6V13.tmp, PE32 11->32 dropped 53 Suspicious powershell command line found 11->53 55 Tries to download and execute files (via powershell) 11->55 15 powershell.exe 7 22 11->15         started        18 powershell.exe 8 17 11->18         started        signatures7 process8 dnsIp9 34 bdns.at 15->34 37 bdns.at 62.75.198.178, 443, 49729 GD-EMEA-DC-SXB1DE Germany 15->37 39 107.175.64.30, 80 AS-COLOCROSSINGUS United States 15->39 20 conhost.exe 15->20         started        41 iplogger.org 88.99.66.31, 443, 49728 HETZNER-ASDE Germany 18->41 22 conhost.exe 18->22         started        signatures10 51 May check the online IP address of the machine 34->51 process11
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/90432b31f3033989375ea42d6a1d7757b959969ba7e0c80ddbf1e766ff30e5f8/
Threat name:
Win32.Downloader.PsDownload
Create hunting rule
Status:
Malicious
First seen:
2020-07-22 00:53:10 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  3/5
Verdict:
unknown
Similar samples:
08dbec2319a6dc6fc42ac20e63560ff2796b9106ab9cfd4ea3974b45460f4c6b
Adware.ExtenBro
16bbaa4003bd7b0ee00634113bd4da02b153f09817263dda98bb06d012c18d74
Adware.ExtenBro
3e99b59df79d1ab9ff7386e209d9135192661042bcdf44dde85ff4687ff57d01
Adware.ExtenBro
7fa4d0985ab3815937955768756e954d33a26c2c230399bbf0a547495764f11e
Adware.ExtenBro
91a63868ca56bae97b954c0ece75ed4f66e18bf2c258a9ed5712e376bae7220c
Adware.ExtenBro
a1a9137dea275aa805e5640f6450366dbf6e10be066e5c12c34904e45e469c4c
Adware.ExtenBro
b36726aaf78b085d289247ffcd61dfe6121ebefe721bbbcd28f3327db73ece4c
Adware.ExtenBro
d4898d4aec91b789a3abb2d9e103eb1111d783a05a119ef7d1db9ab3811a79c2
Adware.ExtenBro
f16630378ba5cd07f2e131f3afa483c6f722406702d9201450c3be17f8b1081e
Adware.ExtenBro
f9c509c0e06a6c3677f248f69abed6831d600434e509cb27ed38f9682875bf9a
Adware.ExtenBro
+ 44 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210214-1ly4hpcjej/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
af88eb66d8a42355d8cacfe0361b032b72d4c137327856d26bf4794549ad5aa6
MD5 hash:
6953e86cd8473c0c0cd8ca034c2caa81
SHA1 hash:
02cf6de5e9c9769d1973c15d53afccb4267e07c8
Link:
https://www.unpac.me/results/12187093-d0be-4b6d-ac81-e8b7c29be60c/
SH256 hash:
90432b31f3033989375ea42d6a1d7757b959969ba7e0c80ddbf1e766ff30e5f8
MD5 hash:
fc2603fce0fde81e2f9b1fe056d9d6f9
SHA1 hash:
6c349df5451cd3dd26d6135e6150319d459baed8
Link:
https://www.unpac.me/results/12187093-d0be-4b6d-ac81-e8b7c29be60c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dropper
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/90432b31f3033989375ea42d6a1d7757b959969ba7e0c80ddbf1e766ff30e5f8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Adware.ExtenBro

Executable exe 90432b31f3033989375ea42d6a1d7757b959969ba7e0c80ddbf1e766ff30e5f8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1010163/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/117107/

Comments