MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99338ec37cc70fb66ff95728e7db06e320cc70cfd64236346bc623f0777c5345. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99338ec37cc70fb66ff95728e7db06e320cc70cfd64236346bc623f0777c5345
SHA3-384 hash: ce17dff4f82a2db5345ac215dd6cc0621386fe54c797c119265ae103e7d64063fd40474c3d8df80623e3fa41ed9c69ec
SHA1 hash: ec15647ee41366eb071068110c5590f64b2e2ffa
MD5 hash: 09012d818d6dfd893907543ec924b23d
humanhash: uncle-december-sierra-india
File name:09012d818d6dfd893907543ec924b23d
Download: download sample
File size:296'398 bytes
First seen:2022-01-20 16:32:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep 6144:owI8sAx35XtR80LDwdKIEj7f3gJ+T5c0LSYVKkWBDB:88FXP80HOKIEj7f3RSYV0v
Threatray 2'871 similar samples on MalwareBazaar
TLSH T1115423967FF5562BD98929F24347833EE3FDA2089264444B27602FADB9B34D3C0161E7
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/221165/
Detection(s):
SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a file
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe expand.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61e98ec60f8c757253d13e05/reports/a5a03f46-87f3-4d3f-af70-293863c6de50/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ede5c6a0-aaa8-4517-a489-0f322408ce26
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/924565
Signature
Antivirus detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99338ec37cc70fb66ff95728e7db06e320cc70cfd64236346bc623f0777c5345/
Threat name:
Win32.Backdoor.Convagent
Create hunting rule
Status:
Malicious
First seen:
2022-01-17 18:32:00 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
25 of 43 (58.14%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
5bb063ee2622e4f4e0d61535b8ddc6acd3e5674d4ef098bb4b595f1bb61b847e
626213dec6f5f7c552974fc4d9fe954cb70b94f03588aa4550cd545789034167
841f9f73c023feb0be61101b2c25b5405d7f999a756721d88feb146038c9dbda
9ad929181f755701c0152618393ccff03e0499944c2e3f22fa2d0539347f5c45
c0904a36e97e50225bc8ab11f7a9c588ebc758b1dc624d39d94da1f5268b847e
c65cf48fc08b19589a00110bc5c3c8eab2b3f41018ca606616b0d10fece7b2f8
d8722ea25b272799308ed667084a5080de6cce80ca8820c2685bf631aacbf8cf
+ 2'861 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220120-t2jgtaafgp/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Loads dropped DLL
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
b618e572a66f55f8dca426ac725a2ca17cb663970f7d2d89bfae04d06f089a19
MD5 hash:
6d2074f285ce3f31281d29fc9969118c
SHA1 hash:
e9a8118814454bbbbef3d15abe947d8d3bd50bd9
Link:
https://www.unpac.me/results/80485e43-1960-457c-bbe4-4acf5fcb9721/
SH256 hash:
99338ec37cc70fb66ff95728e7db06e320cc70cfd64236346bc623f0777c5345
MD5 hash:
09012d818d6dfd893907543ec924b23d
SHA1 hash:
ec15647ee41366eb071068110c5590f64b2e2ffa
Link:
https://www.unpac.me/results/80485e43-1960-457c-bbe4-4acf5fcb9721/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.43
Link:
https://yomi.yoroi.company/submissions/99338ec37cc70fb66ff95728e7db06e320cc70cfd64236346bc623f0777c5345

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 99338ec37cc70fb66ff95728e7db06e320cc70cfd64236346bc623f0777c5345

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/221165/
  
URLhaus
https://urlhaus.abuse.ch/url/1993146/

Comments


Avatar
zbet commented on 2022-01-20 16:32:49 UTC

url : hxxp://103.133.109.181/winos11pro/vbc.exe