MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 906ebe2cf6a8ed8ac40265e251c48647bb8a6f527437ecb4404e52714becd67e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 906ebe2cf6a8ed8ac40265e251c48647bb8a6f527437ecb4404e52714becd67e
SHA3-384 hash: 503c7ae31304f04f5fb79e73ee75eac9243d3b21550adaf5a0ea8514c2df126632ee296c77f199ee6503e6bbaecbb6d6
SHA1 hash: 42817e44640219cdb93b2c5747c5995548a11d91
MD5 hash: 176453d834cda1eeec5250ebfb07d068
humanhash: golf-beryllium-blossom-carpet
File name: 176453d834cda1eeec5250ebfb07d068.exe
File size: 6'027'897 bytes
First seen: 2022-02-10 18:58:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 98304:h76HYGHUKMWIOZLNP009qjP+WgbpU09/PMKjoHDzQ8AAW1llun:J8dUAOFyJ9PM0oHDzK91llg
Threatray 1'447 similar samples on MalwareBazaar
TLSH T1DB563303B68D9BBEEE261E707575923029689F631B348F5A73D0DE7D867105CA930BC2
dhash icon 6ccccc9cc4dce8f4 (4 x Formbook, 3 x Smoke Loader, 3 x AsyncRAT)
Reporter abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 260
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Behaviour
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file
DNS request
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: greyware overlay packed setupapi.dll shdocvw.dll shell32.dll update.exe
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Unpacked files
SHA256 hash:
9687fc60f2e9c155d4302762f19cf9fb62aed5a16276e20f7e38f9f7fd3efc48
MD5 hash:
c1969646c91686ca0abce360c9bd1174
SHA1 hash:
f1e8ceb44b51efe6fd2d404cabcc94b2c9500e9a
SHA256 hash:
906ebe2cf6a8ed8ac40265e251c48647bb8a6f527437ecb4404e52714becd67e
MD5 hash:
176453d834cda1eeec5250ebfb07d068
SHA1 hash:
42817e44640219cdb93b2c5747c5995548a11d91
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: exec_macros
Author: ddvvmmzz
Description: exec macros
Rule name: obfuscate_macros
Author: ddvvmmzz
Description: obfuscate macros

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 906ebe2cf6a8ed8ac40265e251c48647bb8a6f527437ecb4404e52714becd67e

(this sample)

  
Delivery method
Distributed via web download
