MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c4b4f7a530bbef4d4b00126efac07c315127ed16cdb710b698bb3788780617e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c4b4f7a530bbef4d4b00126efac07c315127ed16cdb710b698bb3788780617e
SHA3-384 hash: b2bb14ba694b791fe50d22483cdfa1ca09862920a1f81258db8ddabfff85dac69601d959484888f73ebae17a869cef41
SHA1 hash: 86f926f052a66b300272c18846802cc56c5a1700
MD5 hash: 6c13cfa37c442520c5a0f923aa93f1cb
humanhash: virginia-shade-ink-delaware
File name:file
Download: download sample
File size:88'064 bytes
First seen:2023-02-28 14:09:49 UTC
Last seen:2023-02-28 15:27:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 665c4c0042de2fac7d388e8a44d8e77b
ssdeep 1536:yDTOlmyW5XXrtxfyZ7V9N4INCxVnA2rbxM3pf7IO6CFQ0:uyqnbE7PWvy64
Threatray 55 similar samples on MalwareBazaar
TLSH T1F08333E0776D81C8DDB03EB8D87B257186664DAD2A68CB1684F2733CAFF708534974A4
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 0f3333716933070e
Reporter jstrosch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2023-02-28 14:15:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6d086e8f-1ed6-4fd9-84d3-f27ae0d725c7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/370642/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed ransomware
Link:
https://www.filescan.io/uploads/63fe0b3ebfec0852a68de232/reports/4e7f88f9-ccd2-43eb-b4bb-70fa5876977b/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/9c4b4f7a530bbef4d4b00126efac07c315127ed16cdb710b698bb3788780617e
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/a6593b20-0c23-46de-a775-22873d35b5d5
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1184313
Signature
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9c4b4f7a530bbef4d4b00126efac07c315127ed16cdb710b698bb3788780617e/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-02-27 15:32:43 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
17 of 39 (43.59%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=trfu66stbo7pjvfqaeto7lahymkre7wrntnxcc3jrozxrb4amf7a._file
Verdict:
malicious
Similar samples:
3d9bb04e7a60c53f935b8fca303e044df164262d5d65f02ab063e1a74ecb02a0
444ccb4a0c24e38f61ba9722d095fc8487aeacf0d16b322f019b9547af2f423a
7140765cd0d5f61bb453f0511e24786e21d950c2cb3b30aa2945ba1846a4e0a5
738ff1b734f45db5f96fcf7cf44bc19be88ae922ef08a4b1952bdc3b12e86090
a4c1df15712b32ba96bfd375ee306f67fa29751007774d06b08cd092e7feeb9a
cdc6aef29d300c937b80abade4022803e565f3895b697dbcddc11fe36e19d0f5
+ 45 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
aspackv2
Link:
https://tria.ge/reports/230228-rgprzsbc6y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
4ac3a69f1837266a2d58a2c8081f348ebea3a5cb78ff962929d53e48578e5028
MD5 hash:
2a7396c95d877c3299ad7fc7a97522dc
SHA1 hash:
5c992e55f35735128820dcb8d2b74bd6d333f3d2
Link:
https://www.unpac.me/results/1e2df0f7-34c7-4c4b-99db-1b75dfbc773f/
SH256 hash:
9c4b4f7a530bbef4d4b00126efac07c315127ed16cdb710b698bb3788780617e
MD5 hash:
6c13cfa37c442520c5a0f923aa93f1cb
SHA1 hash:
86f926f052a66b300272c18846802cc56c5a1700
Link:
https://www.unpac.me/results/1e2df0f7-34c7-4c4b-99db-1b75dfbc773f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9c4b4f7a530bbef4d4b00126efac07c315127ed16cdb710b698bb3788780617e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_ASPack
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with ASPack

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9c4b4f7a530bbef4d4b00126efac07c315127ed16cdb710b698bb3788780617e

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/370642/
  
URLhaus
https://urlhaus.abuse.ch/url/2550351/

Comments