MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 976f424ce6f94f179410d53600426b8dfe5ac15a2dd3c7ee200350ad3699e4e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 976f424ce6f94f179410d53600426b8dfe5ac15a2dd3c7ee200350ad3699e4e1
SHA3-384 hash: d01b8f670f69c7c12a014c979b83fd120d80f963dd8ca03081cfcf0e3272b04a3b8f522ff2a83cab4d6dca4267fafcce
SHA1 hash: e6e34481feff0d64bd3f232d8df3c2793dff2a9b
MD5 hash: cb01631f49aa2476d488d307b56e258d
humanhash: pluto-seventeen-uranus-lactose
File name:cb01631f49aa2476d488d307b56e258d.exe
Download: download sample
File size:598'528 bytes
First seen:2023-07-31 07:25:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:Lrtj754KK1wLo7ls7UQR2W8T4kkrg+vRCwvMNrjwxK9rtocCp:/nlLfpqT4kktRCyQjw4t5Cp
Threatray 9 similar samples on MalwareBazaar
TLSH T1FED4CE1E96BCFFF7ED1E41BD5C1004EE4223B2B7B391D2DA88D66CA51D927D0620690B
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
269
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cb01631f49aa2476d488d307b56e258d.exe
Verdict:
Malicious activity
Analysis date:
2023-07-31 07:38:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/77cfec99-5dd2-4b34-85ed-4bdd987082fc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/439369/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68422169.10184.31434.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a window
DNS request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/64c7620ee64bd705397ee7d8/reports/1c21d068-877d-4f07-ab76-fe7f14cac3b9/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/976f424ce6f94f179410d53600426b8dfe5ac15a2dd3c7ee200350ad3699e4e1
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/636a8cbd-e5b7-45c6-bb6b-bd6d17e56d25
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1282978
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/976f424ce6f94f179410d53600426b8dfe5ac15a2dd3c7ee200350ad3699e4e1/
Threat name:
ByteCode-MSIL.Trojan.Fsysna
Create hunting rule
Status:
Malicious
First seen:
2023-07-30 07:42:52 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
14 of 23 (60.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=s5xuethg7fhrpfaq2u3aaqtlrx7fvqk2fxj4p3raanik2nuz4tqq._file
Verdict:
malicious
Similar samples:
08cf6ccfdbf64dcd6a75f223cb348e9f83eecc6f2a56e896930fbbb919ca9920
2572cbafc999216fe489d457721d60891da56a4936aa48a9ef822dac6ef83696
3e0a1d597d13ebdc99bce3f25e8c57920b556f2da35f433df02c04b2ad9ca150
42fa2465262a38c68c5ffececfc6068a34916e2ac878c742429f63ec2efe0f27
6c16c890ebece47d2e9c9160c366e632fc7577ac766ae32ef640070481ab8c3e
c0008144ddbf580b5aa762cdc847c84ea6222f9b47543c17ddb90d86cd7fd0ca
cab876614b0a34bf3534506ef5b37f2e50579488de269eed485d9054711ddf6c
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230731-h9ja8sec4x/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
976f424ce6f94f179410d53600426b8dfe5ac15a2dd3c7ee200350ad3699e4e1
MD5 hash:
cb01631f49aa2476d488d307b56e258d
SHA1 hash:
e6e34481feff0d64bd3f232d8df3c2793dff2a9b
Link:
https://www.unpac.me/results/686305c0-a127-4d84-a0ef-35574cf058dc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/976f424ce6f94f179410d53600426b8dfe5ac15a2dd3c7ee200350ad3699e4e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 976f424ce6f94f179410d53600426b8dfe5ac15a2dd3c7ee200350ad3699e4e1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2681797/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/439369/

Comments