MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90fedb113e6cb696689506f223805f23ebcf07cb5794af35bb3fd2dd0589c81e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 90fedb113e6cb696689506f223805f23ebcf07cb5794af35bb3fd2dd0589c81e
SHA3-384 hash: e880f60f16cf28f9e2ae50b31a81eb912ebbf31a749e92c2641b80aef2da8f20e52b4973473b7f4baab148504dbd75fb
SHA1 hash: 27fb067defa7af488faf3b6bf81442758682ba4b
MD5 hash: 40809f97e0a9472720a97afdf1eaf040
humanhash: summer-summer-pluto-speaker
File name:40809f97e0a9472720a97afdf1eaf040.exe
Download: download sample
File size:8'568'520 bytes
First seen:2024-10-06 18:24:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6742ddbcd39f44e4cf3c1ddb8cea7257 (1 x LummaStealer)
ssdeep 196608:LEUqZAW8hM9L248PIjF6jLfQ47YJ3xt0mh2sSn26UVRFXGn:LEUqZSixO+6jxyDfkVd
TLSH T18986335529D781E8C8C20DA9331B29DB23F3A1AF449ED53536C63402B462FFB518E97B
TrID 42.7% (.EXE) Win32 Executable (generic) (4504/4/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
341
Origin country :
NL NL
Vendor Threat Intelligence
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6702d601ebeac9e68051131d
Tags:
injection exploit
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin mshtml overlay packed
Link:
https://www.filescan.io/uploads/6702d5ff0460111fe74f8a17/reports/bd1a8b7d-8cc2-4955-b5e4-cb16b64a4d4c/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/90fedb113e6cb696689506f223805f23ebcf07cb5794af35bb3fd2dd0589c81e
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b77831d8-3e51-423f-b45f-416aa9b82adf
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1527339
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/90fedb113e6cb696689506f223805f23ebcf07cb5794af35bb3fd2dd0589c81e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/90fedb113e6cb696689506f223805f23ebcf07cb5794af35bb3fd2dd0589c81e/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-10-06 18:25:06 UTC
File Type:
PE (Exe)
AV detection:
12 of 23 (52.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sd7nwej6ns3jm2eva3zchac7epv46b6lk6kk6nn3h7jn2bmjzapa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241006-w2lnaaycpp/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6fd6358a-65b7-470d-8de9-8bb725c8496f
Unpacked files
SH256 hash:
90fedb113e6cb696689506f223805f23ebcf07cb5794af35bb3fd2dd0589c81e
MD5 hash:
40809f97e0a9472720a97afdf1eaf040
SHA1 hash:
27fb067defa7af488faf3b6bf81442758682ba4b
Link:
https://www.unpac.me/results/80ab7474-23a7-4b74-a280-4045725e53aa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/90fedb113e6cb696689506f223805f23ebcf07cb5794af35bb3fd2dd0589c81e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 90fedb113e6cb696689506f223805f23ebcf07cb5794af35bb3fd2dd0589c81e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3208009/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW

Comments