MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 949c7b6c3a6f957bfd8044f3d4f090ba38db4ab9b026d14672cb8184011aec8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 949c7b6c3a6f957bfd8044f3d4f090ba38db4ab9b026d14672cb8184011aec8e
SHA3-384 hash: f67e5c4ee3a84b2bc16d1a4d8305112cfa0a82bcbc4f4aec935f6498db5d5d0172cf602acafe0898fb6fad04ca6c9a5e
SHA1 hash: 4ebb8e8beaa48fff1e9c95ac9dd88d93f50adadc
MD5 hash: 2b1e28c572b13c757506a1307ff8f051
humanhash: one-shade-bakerloo-sierra
File name:eufive_20220315-013249
Download: download sample
File size:739'328 bytes
First seen:2022-03-15 07:48:17 UTC
Last seen:2022-03-15 10:15:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d45ad06d41e77dfabdd72c5e57235656
ssdeep 12288:Z/3X0FwXk2x2wAdm4pb44f+sn5qeUZUk0t2XrAyc2BNuRJqgMj4a+4i7Js0GN3Ni:Z/3EFwXHAQ4F44WK5Rq8+N8bz6HNe5dn
Threatray 912 similar samples on MalwareBazaar
TLSH T1E0F49D61F69641F3E981307061BAD7769939BA3923347FC3A7E43D781A211C2AE3934D
File icon (PE):PE icon
dhash icon f9c08282828098a8
Reporter benkow_
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
189
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/250587/
Detection(s):
SecuriteInfo.com.AutoIT_Compiled.11575.221.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file
Сreating synchronization primitives
Moving a recently created file
Creating a process from a recently created file
Searching for the window
Searching for analyzing tools
Searching for synchronization primitives
Using the Windows Management Instrumentation requests
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9251/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware keylogger
Link:
https://www.filescan.io/uploads/623044f3b94fb38cb4829501/reports/2987dbb2-7438-4572-846d-caffd58e6c86/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c62d1898-6b41-4977-be44-24676b80840d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/956785
Signature
Hides threads from debuggers
Machine Learning detection for dropped file
May check the online IP address of the machine
PE file has nameless sections
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Sample or dropped binary is a compiled AutoHotkey binary
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/949c7b6c3a6f957bfd8044f3d4f090ba38db4ab9b026d14672cb8184011aec8e/
Threat name:
Win32.Trojan.Bingoml
Create hunting rule
Status:
Malicious
First seen:
2022-03-15 07:49:11 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
20 of 27 (74.07%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
05c74df48acc294f4664a48c2ad643b78168dd92ece54ee32f7113334fc02885
094157797d5445aeefe736030d14515e4cfe9478a52a9f6911728b2e6e343b45
1244ebb105dfcbfc32b5349f576e2e08f75437a6510d7db886e60815b7720816
54e90ef3b2121408e03bb343b70583fe15a2ca24d5d76e8129766dbaa22817c5
56e791cc8e07df049102c8d489a27c08ce231b90ac97eb97c741ddeb236fec24
945adada6cf6698b949359d9b395a5f905989d0d1eb84f537de492ecc1263148
b85d12e9d145f67b2e3177e70b694b364363812001d84709c0d6f29ce4f5341f
cee3ea84c830c09cd2728fda6a2088d23ee49a298d2001a1e30a8e24277ea6f1
+ 902 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence suricata
Link:
https://tria.ge/reports/220315-jnpfssahar/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Program Files directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Looks up external IP address via web service
Loads dropped DLL
Executes dropped EXE
suricata: ET MALWARE Suspected Bizarro Banker Activity (POST)
Unpacked files
SH256 hash:
949c7b6c3a6f957bfd8044f3d4f090ba38db4ab9b026d14672cb8184011aec8e
MD5 hash:
2b1e28c572b13c757506a1307ff8f051
SHA1 hash:
4ebb8e8beaa48fff1e9c95ac9dd88d93f50adadc
Link:
https://www.unpac.me/results/0a2678fe-ccea-4b52-bcde-315f34326b42/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/949c7b6c3a6f957bfd8044f3d4f090ba38db4ab9b026d14672cb8184011aec8e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/250587/

Comments