MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96bed9c453b26eee99a3e50cf3ec45332d982bf9b9b5099bd4e7d365afd614f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96bed9c453b26eee99a3e50cf3ec45332d982bf9b9b5099bd4e7d365afd614f7
SHA3-384 hash: 66671e033ef900343a1008ba96a334cb8bd075d55864174527ea2538ff95d9ecdfae89b5bf6fcef86ec6eb995480109d
SHA1 hash: 19564d4743c0cdf3900e27d95ab5bd319f757b44
MD5 hash: fc5c4d8eae258065cc1619faef7c3e3c
humanhash: glucose-robert-wolfram-carbon
File name:musik.exe
Download: download sample
File size:171'008 bytes
First seen:2020-11-27 08:22:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 3072:6dUP5hv0/VsM1blEeLwIt5v+j+bRDv3r0V6ChacWEhDUBG535M8Y:d5etsMllEe7tN+wDvW6xc9UMI8
Threatray 51 similar samples on MalwareBazaar
TLSH C3F3F146EBC89B83C7ED5B7F90E272514B7081ABE74BD70734C812582F2A7C78452A87
Reporter cocaman
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105794/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file in the %AppData% subdirectories
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/549072
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/96bed9c453b26eee99a3e50cf3ec45332d982bf9b9b5099bd4e7d365afd614f7/
Threat name:
ByteCode-MSIL.Infostealer.Maslog
Create hunting rule
Status:
Malicious
First seen:
2020-11-27 07:52:32 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=s27ntrctwjxo5gnd4ugph3cfgmwzqk7zxg2qtg6u47jwll6wct3q._file
Verdict:
suspicious
Similar samples:
151c9749ebcb80a9044840b499d3ec969f2cd5679b59253c23883c70af486475
4479c12f5259fffa37704031bec2fbe625d029a4b16c77a08628f04aa7442166
5dcd1649d97e0da882778ec70677be52b49603b6596b044518f02c278d93d0f2
6cb35d59850a6e43f2b6cfe1de03a41d81ab9bc07bfdb1b4b1f3cadba53d3086
6fb60c80bdc9cd558a384b468dc8b8467fb2e02764728e6a0ebc28ca865f31f6
78491e950a624399f497cedd25cae2231223b1bcd2f93379480b3c9edb4c6a92
bdcd13abdded8f4f709fb288fb78b4afff486854b3ea78ad378d11220a31c3c4
d0f1b190868c2b25c602e6eee551a39fe677678d6e7dc45eb304fa82a5760799
ecf592d2aed1d17b4c75e72a40edeb9b4396c8c9181cee7519ebe63bb7391870
f7b8a43156a4ed375acd101847b41f358fd4ea3ce4d2cf9ffcf18f278f7a4479
+ 41 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201127-vzz48f6hpj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Adds Run key to start application
Unpacked files
SH256 hash:
181832a33ee3f499d45961eedb4adaa17ce95cbdafc40a7b054006ee53600085
MD5 hash:
3264ea756f27396e709f713d13f4409a
SHA1 hash:
e4d992ef2dd9fdb2a474aa81bb5285a9d20773f3
Link:
https://www.unpac.me/results/8cc57c68-f988-4f04-8828-2f65cc474fee/
SH256 hash:
96bed9c453b26eee99a3e50cf3ec45332d982bf9b9b5099bd4e7d365afd614f7
MD5 hash:
fc5c4d8eae258065cc1619faef7c3e3c
SHA1 hash:
19564d4743c0cdf3900e27d95ab5bd319f757b44
Link:
https://www.unpac.me/results/8cc57c68-f988-4f04-8828-2f65cc474fee/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/96bed9c453b26eee99a3e50cf3ec45332d982bf9b9b5099bd4e7d365afd614f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar a66fcb52004ea8934a91897e46359b23d3ce6efe46df887ea919aff51ebaf99b

Executable exe 96bed9c453b26eee99a3e50cf3ec45332d982bf9b9b5099bd4e7d365afd614f7

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 a66fcb52004ea8934a91897e46359b23d3ce6efe46df887ea919aff51ebaf99b
Cape
Cape
https://www.capesandbox.com/analysis/105794/

Comments