MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93a039cd592c64a14e6e688f805b8f069cc2ec03a1d07ce6bb8db3b4fefe9745. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 3 File information Comments

SHA256 hash:	93a039cd592c64a14e6e688f805b8f069cc2ec03a1d07ce6bb8db3b4fefe9745
SHA3-384 hash:	3713a2eced10e1c910aa6dc506dd09620074d0f87ce26bc70b110e688554fba31036a713377c9f46e476f5f056b7896f
SHA1 hash:	c5749c92d145ab106d50a9d7423f5f37f3d57577
MD5 hash:	7468bd52e71f97bc30d3db3a7713b854
humanhash:	lemon-muppet-harry-twenty
File name:	93a039cd592c64a14e6e688f805b8f069cc2ec03a1d07ce6bb8db3b4fefe9745
Download:	download sample
File size:	1'799'489 bytes
First seen:	2024-01-10 14:40:49 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	77b2e5e9b52fbef7638f64ab65f0c58c (12 x Formbook, 2 x Loki, 2 x AgentTesla)
ssdeep	49152:FAD4+2lXFPpd1ZtmB4TE/S4kzz/y7H2DGhFCTf:20+2zPpPZcB4TEVE/y7mGhFaf
Threatray	64 similar samples on MalwareBazaar
TLSH	T124852372526E909CD0B4CD334A0DD8F4F59A7E13568E8A4FBB847D4BB638BAD9523340
TrID	35.7% (.EXE) UPX compressed Win32 Executable (27066/9/6) 35.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4) 8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.9% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	a29e5e1ab8b270f0
Reporter	adrian__luca
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

347

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/470209/

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Searching for the window

Creating a window

Creating a file in the %temp% directory

Creating a file

Running batch commands

Creating a process with a hidden window

Launching a process

Creating a process from a recently created file

Using the Windows Management Instrumentation requests

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

autoit control greyware keylogger lolbin overlay packed packed packed shell32 upx

Link:

https://www.filescan.io/uploads/659eac8559502c0e7b321171/reports/2f7883ba-69e7-40bb-85d8-278f509a580a/overview

Verdict:

Malicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/93a039cd592c64a14e6e688f805b8f069cc2ec03a1d07ce6bb8db3b4fefe9745

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/cdeddc78-f258-4e82-8cfc-e5521948ac19

Score:

90%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/93a039cd592c64a14e6e688f805b8f069cc2ec03a1d07ce6bb8db3b4fefe9745

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/93a039cd592c64a14e6e688f805b8f069cc2ec03a1d07ce6bb8db3b4fefe9745/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=soqdttkzfrskcttonchyaw4pa2omf3aduhihzzv3rwz3j7x6s5cq._file

Verdict:

malicious

1177adfb95bdd9a54a339005976ed4096d23fb4dd2099e91c35fc526c9a7cdbd

1405c3b8c1ddedab092b1c6c0c525a992f83702ca70f69d0bcd98e4f4a17c08b

615beea238930be9e92faf8e7394d59d65000beb9728bb8b38f6b31c83e435e8

9693e6a8bdaa7fa75e4a0215f8ba332db027c1ec11f7f4bf0a7fea17c73158ac

99aa0a112de10ceb2072e32e189befed18db5ce294787bf9b2dbe0ef643ba62c

f080bf1c00fb050cc2a92fb17c08cd22d427782c6f47c532a2462ce3325905f0

f5b3bd1e70cfdf95cd20cc360931cd09675fb4c63ea6dfca938454a79f8b1e31

+ 54 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

upx

Link:

https://tria.ge/reports/240110-r2e4aahcgm/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

AutoIT Executable

Executes dropped EXE

Loads dropped DLL

UPX packed file

Unpacked files

SH256 hash:

0b9e4cd4d33d9395557af8540655c4faf7a2c1836ef388d0472caf8464bc1afb

MD5 hash:

4a6fc30599cad01e8f5446848e46f11c

SHA1 hash:

d6d3ed7e71c9749cbf32aaa67042c28f6b49a0f4

Detections:

AutoIT_Compiled

Link:

https://www.unpac.me/results/617999d9-767b-4248-84cb-464cf6166ff8/

SH256 hash:

93a039cd592c64a14e6e688f805b8f069cc2ec03a1d07ce6bb8db3b4fefe9745

MD5 hash:

7468bd52e71f97bc30d3db3a7713b854

SHA1 hash:

c5749c92d145ab106d50a9d7423f5f37f3d57577

Link:

https://www.unpac.me/results/617999d9-767b-4248-84cb-464cf6166ff8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/93a039cd592c64a14e6e688f805b8f069cc2ec03a1d07ce6bb8db3b4fefe9745

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser Create hunting rule
Author:	malware-lu

Rule name:	UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser Create hunting rule
Author:	malware-lu

Rule name:	UPXv20MarkusLaszloReiser Create hunting rule
Author:	malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/470209/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample