MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d6b0c042be84356ff1384b166b97fa69d71d863e37d2a01ff24e1c500d90485. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d6b0c042be84356ff1384b166b97fa69d71d863e37d2a01ff24e1c500d90485
SHA3-384 hash: 3f8112efcb2b611a34f1662778beccbb3c36f1f64f7147ce124f9a591b0668769ebb378955bf55e9a2a3f1db96cc633d
SHA1 hash: c238761b379a75fa268125561bbae41e72caca63
MD5 hash: 202c012aedd7440f4eadf3a7e3a83ad0
humanhash: cola-three-twelve-oregon
File name:Pm6hl90d.bin
Download: download sample
File size:4'507'136 bytes
First seen:2023-04-13 06:47:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 96d5fa481b9a65c7095d2725e96f5ddd
ssdeep 98304:bor74K/vTyBVi61uBst1fbVQr0zutHsSLUNbsBp:u/vTKQwuBgNbVXuBUl
TLSH T1AF26337972BA81B0C1DE3E349A1685C876F01D9281238D2B3E453DDB36FAF159A4ED13
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4505/5/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon b3b333737193b3b2 (6 x SnakeKeylogger, 3 x Loki, 2 x Formbook)
Reporter JAMESWT_WT
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
274
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Pm6hl90d.bin
Verdict:
Malicious activity
Analysis date:
2023-04-13 06:50:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c87f2962-4807-46ad-a7e7-af0838a0adae

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/381956/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.20359.6202.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/77704/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed xpack
Link:
https://www.filescan.io/uploads/6437a5a359a1287810bc0395/reports/c8fe9117-67bf-4195-83fc-6d829eccf8d9/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/9d6b0c042be84356ff1384b166b97fa69d71d863e37d2a01ff24e1c500d90485
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/5672705c-5c34-4122-8a68-334310976a63
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1213055
Signature
Antivirus detection for dropped file
Creates autostart registry keys with suspicious names
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9d6b0c042be84356ff1384b166b97fa69d71d863e37d2a01ff24e1c500d90485/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-04-13 06:47:58 UTC
File Type:
PE (Exe)
Extracted files:
91
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tvvqybbl5bbvn7ytqsywnol7u2oxdwdd4n6suap7etq4kagzascq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/230413-hj9eqshh52/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
7e4b917ae91579173f2bb5ebece9b4631aa7a2b4bd0cff0e3b1fe1ebaa02882f
MD5 hash:
6ad0a999af32661920c47bfa6a579721
SHA1 hash:
6286c8cdd4fdd14c66cdec26fb26538dbae24b15
Link:
https://www.unpac.me/results/ba2fad1d-41dd-4e60-9e49-58a68c6c92b2/
SH256 hash:
9d6b0c042be84356ff1384b166b97fa69d71d863e37d2a01ff24e1c500d90485
MD5 hash:
202c012aedd7440f4eadf3a7e3a83ad0
SHA1 hash:
c238761b379a75fa268125561bbae41e72caca63
Link:
https://www.unpac.me/results/ba2fad1d-41dd-4e60-9e49-58a68c6c92b2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9d6b0c042be84356ff1384b166b97fa69d71d863e37d2a01ff24e1c500d90485

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9d6b0c042be84356ff1384b166b97fa69d71d863e37d2a01ff24e1c500d90485

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/381956/
  
URLhaus
https://urlhaus.abuse.ch/url/2580611/
  
Delivery method
Distributed via web download

Comments