MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb
SHA3-384 hash: 941c5376e7b996609ce9ea7f8656bde8072a0fc283934e86c60a60d7643e39078826684c822cd2c43992c915ebf7957a
SHA1 hash: 3838ad7fddfb3a013d30afd515c80e9ac37cb7c4
MD5 hash: c8461fb52f97b3a3186954e5fb14752d
humanhash: mobile-foxtrot-louisiana-cold
File name:c8461fb52f97b3a3186954e5fb14752d.exe
Download: download sample
File size:236'032 bytes
First seen:2022-08-10 14:42:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d2009423b16ecb729c183ef430a4a229
ssdeep 3072:KUcvuJEXStOjA7BpQC2mCLsTRozN4rMtH02BhAAH7TNd3XxfyEAg0FujotL1Vwso:omjtOEKKo0MtUEjwEAOcwHes
Threatray 28 similar samples on MalwareBazaar
TLSH T150347C1079E2C472C57329310CF9E7752A7DB9700E658E6F37A84F2D9F782817222A67
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c8461fb52f97b3a3186954e5fb14752d.exe
Verdict:
Malicious activity
Analysis date:
2022-08-10 14:48:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b02ebaca-2143-4324-88ef-2047181f9177

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/297693/
Detection(s):
Win.Malware.Injuke-9783638-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/28532/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware shell32.dll
Link:
https://www.filescan.io/uploads/62f3c441080024921b666d28/reports/fc84923a-413a-44c3-b34d-709d10963ab3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BitRAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e2a7b55d-b8c6-46c1-a4ce-d642fd660fd0
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1049290
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to inject code into remote processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb/
Threat name:
Win32.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-08-10 00:39:00 UTC
File Type:
PE (Exe)
AV detection:
24 of 26 (92.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sgv4bsv5kvgbwdookllassev3vb4nvzfdtqqt7srvbougpbpg3vq._file
Verdict:
malicious
Similar samples:
0c32d3b8dc349aac990a76c405f39b973ed2664847602f4100200ae12ccabd6d
52f5e7a9a44771795325822713ff8c37f4efa674bbbb375523c3982ab79a52dd
5db793f73ecffd1d88da746f8ce03d798b65b9ab2bc13df307f25de29be546dc
78fc1b0ad5b1bf8392a5e1a6dde5dab2fbee2f2fbb833c3c4ba85ace7e9c35e5
93ac463d55f59133067b2b6d985a077b45924421db0293da03cf15ac2a933b92
9afa8ea8064c15e349caad45d31c18c41349080c4ed1d35fdd3472659736a19b
b028c3971be8dfe3152c5718dd75bd0b81d8fbd39f15725d35d53a47d4449a1c
c115174d5a3406d4fcb05170c50293df6f3e1bd14619db5b2be777e16c0f8c5d
c95785635556400cb71d20445d949c9bc50e5b8681ff7a71648bf23ae5441cf1
de5c46975f4bd7759bf711ea3ecc5833c0eadac92b466806e3a2cdcb57b7da19
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220810-r3kedsddc7/
Unpacked files
SH256 hash:
91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb
MD5 hash:
c8461fb52f97b3a3186954e5fb14752d
SHA1 hash:
3838ad7fddfb3a013d30afd515c80e9ac37cb7c4
Link:
https://www.unpac.me/results/d669ef1c-3c3d-49a4-ab2a-4ccff346d10a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2270687/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/297693/

Comments