MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bb6f6446c4460f5cfc15f2c70bb6202caaf437553ce97b0c3ef196a582fca32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetSupport
Vendor detections: 7

SHA256 hash: 9bb6f6446c4460f5cfc15f2c70bb6202caaf437553ce97b0c3ef196a582fca32
SHA3-384 hash: 63bc9f02846f04417256951de978e94ace7c8e2b0dccd504d6ccc06d55ecae77453c6e429be3ab9beb8f4f54e79fd02c
SHA1 hash: dab137a4c3a06ecd87a9b349b340c99d68f55696
MD5 hash: 9de2ac65d5693a96649f458d47aff56e
humanhash: carpet-summer-utah-spaghetti
File name: 9bb6f6446c4460f5cfc15f2c70bb6202caaf437553ce97b0c3ef196a582fca32
Signature: NetSupport
File size: 3'629'400 bytes
First seen: 2021-08-05 07:48:37 UTC
Last seen: 2021-08-05 09:22:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep: 98304:cSibX3GsZwRJcbwt2t9P+DidXvh6d204OOR5qJK:ILaRJWwAggJ6M8YY0
Threatray: 90 similar samples on MalwareBazaar
TLSH: T13DF5013FB268A53ED5AA0B3246B39360987BBB61781A8C1F07F0090DCF665711E3F655
dhash icon: b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter: JAMESWT_WT
Tags: coinduck.duckdns.org, exe, Knassar DK ApS, NetSupport, signed

Code Signing Certificate

Organisation: Knassar DK ApS
Issuer: DigiCert EV Code Signing CA (SHA2)
Algorithm: sha256WithRSAEncryption
Valid from: 2021-03-04T00:00:00Z
Valid to: 2022-03-09T23:59:59Z
Serial number: 025020668f51235e9ecfff8cf00da63e
Intelligence: 5 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: c3692225dad4b5b1ff909f3a769cd913f644a93b1953e149cfd612848af02007
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 3
# of downloads: 122
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 9bb6f6446c4460f5cfc15f2c70bb6202caaf437553ce97b0c3ef196a582fca32
Verdict: Suspicious activity
Analysis date: 2021-08-05 07:49:28 UTC
Tags: installer
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: troj
Score: 32 / 100
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses dynamic DNS services
Uses known network protocols on non-standard ports
Threat name: Win32.Infostealer.ChePro
Status: Malicious
First seen: 2021-06-03 01:51:40 UTC
File Type: PE (Exe)
AV detection: 18 of 47 (38.30%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments