MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d0b806a676f4b1da097db14f0989bc155f74daf0aa3d523ec4164f954fa417d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	9d0b806a676f4b1da097db14f0989bc155f74daf0aa3d523ec4164f954fa417d
SHA3-384 hash:	5a34781112156609a13bcf1edf8e354872f1014974320d35b67220764d2194201f49703da57e27a7da6e3dc79ca7a8e4
SHA1 hash:	d90e8935f2f28700bac65ca619e7e0386eeb0afe
MD5 hash:	244dc22b5e38b065996482be7990088f
humanhash:	carpet-skylark-carbon-ohio
File name:	SecuriteInfo.com.Trojan.Sabsik.FL.11236.30556
Download:	download sample
File size:	49'152 bytes
First seen:	2024-03-04 13:33:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	815ca4a0ff9c2d11ea4c99a7a40db0aa
ssdeep	768:UolLPAmnXMF2/vF+WZCjlZzWyDXUuo7MqCkTQe+zNh3HKEAe9q:zPAPF2/vF+WZCjlZvXUuo7IbpzNh3H6H
Threatray	18 similar samples on MalwareBazaar
TLSH	T17623C746B3E52F85D82952B11EF6C3B54267E8F10A73170B27097A6A353BF512E3E321
TrID	86.6% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8) 4.7% (.EXE) Win32 Executable (generic) (4504/4/1) 2.1% (.ICL) Windows Icons Library (generic) (2059/9) 2.1% (.EXE) OS/2 Executable (generic) (2029/13) 2.1% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

293

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Sabsik.FL.11236.30556.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Searching for synchronization primitives

Changing a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

fareit threat vobfus

Link:

https://www.filescan.io/uploads/65e5cdd5aa3c088d605c60f1/reports/545cbaf2-2755-417a-9f5b-b080fa56b940/overview

Verdict:

Malicious

Labled as:

Trojan.Dropper

Link:

https://www.hybrid-analysis.com/sample/9d0b806a676f4b1da097db14f0989bc155f74daf0aa3d523ec4164f954fa417d

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/3a82bd48-99f7-4941-b7f5-07291a694c49

Result

Threat name:

n/a

Detection:

clean

Classification:

n/a

Score:

3 / 100

Link:

https://www.joesandbox.com/analysis/1402645

Behaviour

Behavior Graph:

n/a

Score:

87%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/9d0b806a676f4b1da097db14f0989bc155f74daf0aa3d523ec4164f954fa417d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9d0b806a676f4b1da097db14f0989bc155f74daf0aa3d523ec4164f954fa417d/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tufya2thn5fr3iex3mkpbge3yfk7otnpbkr5ki7mifspsvh2if6q._file

Verdict:

unknown

4138d92e4af5e1c1b49d654c8a55c5c759261e2d4108c6ef6b4308f9ba8b0355

52de83987941b92875cecdd1661cc2757eae4f02ef564fd2e147d06eb9d8ab44

537c39897b958509621a74ab5054dad32c098a3eb3b781bf3d6bd3ff7b79f2c1

5fffca6c293a697890e7851f0d667cc44f37176e41ed1e7455aa7034f731b6f1

6367425a2a76a759b2007ae18f0d6f22c6a07a67fbeae5b7f72fa2c588b4470b

94e024435cc8cafb2705bf98e9551feaa5d2ab426fcbcef9efde59fe9ccb9e53

9f6de85e6ac6ca0e2a0e1912f3d950c3765425d076e87627c9a58b033747c5af

b7772e6959c773d04203373a3adcff3bc81b667726cf4f7155c9135331b21760

e3de56743984f479773ffddf63214d7e202421ee8f23f05e9bb76aad2c77e20a

+ 8 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240304-qt4k8sce45/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Unpacked files

SH256 hash:

9d0b806a676f4b1da097db14f0989bc155f74daf0aa3d523ec4164f954fa417d

MD5 hash:

244dc22b5e38b065996482be7990088f

SHA1 hash:

d90e8935f2f28700bac65ca619e7e0386eeb0afe

Link:

https://www.unpac.me/results/2c8d0db5-50dc-4cd8-9e75-338e83df1bc2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9d0b806a676f4b1da097db14f0989bc155f74daf0aa3d523ec4164f954fa417d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	SEH__vba Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample