MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 978b4ac05a227b23ef7e4fadff92966339ba1413bac5a45e93f83a3064f8fd2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

OOO CM

Vendor detections: 7

Intelligence 7 IOCs 1 YARA File information Comments

SHA256 hash:	978b4ac05a227b23ef7e4fadff92966339ba1413bac5a45e93f83a3064f8fd2f
SHA3-384 hash:	7be97277c2b3e27db07f0996dabcca849dfb22230567b63948fcdefe65cd82b6e4be97ea7e5236868abae9d287dbf3e1
SHA1 hash:	5b40c44625c933e33235803cba25cd272a2716d2
MD5 hash:	6ddc5f04d5ab195a182a6d4fcd6c07f2
humanhash:	queen-venus-alabama-dakota
File name:	978B4AC05A227B23EF7E4FADFF92966339BA1413BAC5A.exe
Download:	download sample
Signature	OOO CM Create hunting rule
File size:	3'631'952 bytes
First seen:	2021-07-03 20:06:15 UTC
Last seen:	2021-07-03 20:43:57 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep	98304:vSi3CTm2szAeAvQqyN0Ap+DidXvh6d204OOR5qFT:3Ci9rqQq452gJ6M8YYZ
TLSH	2AF5013FB268B53ED5AA0B3245B39360497BBB61A81A8C1F47F0090DCF664711F3B656
Reporter	abuse_ch
Tags:	coinduck.duckdns.org exe NetSupport OOO CM

abuse_ch

NetSupport C2:
188.165.207.8:1337

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
188.165.207.8:1337	https://threatfox.abuse.ch/ioc/157468/

Intelligence

File Origin

# of uploads :

# of downloads :

199

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

978B4AC05A227B23EF7E4FADFF92966339BA1413BAC5A.exe

Verdict:

Suspicious activity

Analysis date:

2021-07-03 20:08:15 UTC

Tags:

installer

Link:

https://app.any.run/tasks/38b5f141-866a-452e-91ef-ec0dad4fb110

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/169521/

Detection(s):

PUA.Win.Packer.Exe-6

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/01f47d27-abcd-499e-be3d-a5be03e39d14

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj

Score:

42 / 100

Link:

https://www.joesandbox.com/analysis/811466

Signature

Multi AV Scanner detection for submitted file

Uses dynamic DNS services

Uses known network protocols on non-standard ports

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/978b4ac05a227b23ef7e4fadff92966339ba1413bac5a45e93f83a3064f8fd2f/

Threat name:

Win32.Infostealer.ChePro

Status:

Malicious

First seen:

2021-01-24 03:53:51 UTC

AV detection:

14 of 29 (48.28%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=s6fuvqc2ej5sh336j6w77euwmm43ufatxlc2ixut7a5dazhy7uxq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210703-4evyds2qr6/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

715fcc06921f427cc982ba75938f3df2efc02f5ad023648ede99e837d7d2aa07

MD5 hash:

b9f0515f280d49d715ed6c7de1743410

SHA1 hash:

63d62f7f3dc230595476daef7b18e91ea0dfa76e

Link:

https://www.unpac.me/results/9f7a327d-30c9-4725-9a8e-d294df3880c4/

SH256 hash:

0991e04924dfa4338af5c94868e98fbf498e80e9102e784825c158ed5ed5fc7a

MD5 hash:

5ac0be3ff3046188f68eaa833b7680a2

SHA1 hash:

fdd998bfd523faf1772f61ebf05bb0d1b9372ec9

Link:

https://www.unpac.me/results/9f7a327d-30c9-4725-9a8e-d294df3880c4/

SH256 hash:

0fbdf4988ebb256228b6823f8df1a8c7bc3f65f9c85b88b8809e5f73de190cd1

MD5 hash:

b87e3292b0463c2759e66a9263d15d14

SHA1 hash:

9edecd52186b6aa756e1349f1c395d364faea4a5

Link:

https://www.unpac.me/results/9f7a327d-30c9-4725-9a8e-d294df3880c4/

SH256 hash:

472bca7eb28d6eb50107d94cfb0c02fd8eb032dda3b8a6c7436ed5995941f58a

MD5 hash:

c5445a2916b7ad2a0c1991e51bcffebd

SHA1 hash:

4ec178b8c515489dec53137d56d166416d7ce6d1

Link:

https://www.unpac.me/results/9f7a327d-30c9-4725-9a8e-d294df3880c4/

SH256 hash:

e179b458735af53245be878d0af99f6eed436008f72106ed107c34c47bf99a19

MD5 hash:

b85f3448ed7ccc2ce712e092dc587473

SHA1 hash:

4815e086ff353d94ccc62d105e4a21ac756ce8ae

Link:

https://www.unpac.me/results/9f7a327d-30c9-4725-9a8e-d294df3880c4/

SH256 hash:

7c36ef5dda207590046829fe2a2d23f03b430c8d043f1373e709f8fd3d88d9e2

MD5 hash:

b7573b86bb80221cbfc481c42d16d031

SHA1 hash:

44605029cb9ddc7ef86b095fcb6e2c9535e72579

Link:

https://www.unpac.me/results/9f7a327d-30c9-4725-9a8e-d294df3880c4/

SH256 hash:

96518656b0050b2ac49cf0621613f90354469ccd545066221cbeda6c00aa2366

MD5 hash:

49b4f966d5988889870b32bc317c94a8

SHA1 hash:

06538f39499ddd96046db05a5135d0dc21bacc49

Link:

https://www.unpac.me/results/9f7a327d-30c9-4725-9a8e-d294df3880c4/

SH256 hash:

978b4ac05a227b23ef7e4fadff92966339ba1413bac5a45e93f83a3064f8fd2f

MD5 hash:

6ddc5f04d5ab195a182a6d4fcd6c07f2

SHA1 hash:

5b40c44625c933e33235803cba25cd272a2716d2

Link:

https://www.unpac.me/results/9f7a327d-30c9-4725-9a8e-d294df3880c4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/978b4ac05a227b23ef7e4fadff92966339ba1413bac5a45e93f83a3064f8fd2f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/169521/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample