MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0ffd22f0d5d17eff1a0f75d7a1d6819a6674fc021d34f1c28fb3e5088918e9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	a0ffd22f0d5d17eff1a0f75d7a1d6819a6674fc021d34f1c28fb3e5088918e9d
SHA3-384 hash:	ac03e2c2ca0db14dcee9062234048bc0505a349d36b1cf851ebf301320b0884eae1ad64e8d3bedea81bdb50d9915f94a
SHA1 hash:	59e2035670f61a2fdb7e0e2f99f0a5b59d532234
MD5 hash:	acb6572431e7610bce736f5d61645cb2
humanhash:	artist-victor-violet-quiet
File name:	acb6572431e7610bce736f5d61645cb2.exe
Download:	download sample
File size:	1'825'792 bytes
First seen:	2022-12-29 19:38:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep	49152:VshdTxP0jKN5f0Lih+PALo7ifPKRKWkKAvGVEDkle:mV00+P0o7ifSVkK2Dj
TLSH	T1828533E8B8906D3EFDD502FA5C8BAEB4347BDD6529780477508D7A4EE5343C8EB02A44
TrID	35.7% (.EXE) UPX compressed Win32 Executable (27066/9/6) 35.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4) 8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.9% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	10f0d4d4cc687110
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

166

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

acb6572431e7610bce736f5d61645cb2.exe

Verdict:

Malicious activity

Analysis date:

2022-12-29 19:42:11 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/4967f604-aa67-415c-aefd-4eb124214de3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Win.Dropper.XtremeRAT-9962659-0

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a window

Creating a file in the %temp% directory

Creating a file in the Windows subdirectories

Сreating synchronization primitives

Running batch commands

Creating a process with a hidden window

Launching a process

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

packed shell32.dll

Link:

https://www.filescan.io/uploads/63adecd806f34cc0fa52601f/reports/6d95006c-fabe-410c-bd04-eccf264f9de2/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/a2ede869-21e7-464c-987e-9f002fd9e007

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1142875

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Antivirus detection for URL or domain

Binary is likely a compiled AutoIt script file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a0ffd22f0d5d17eff1a0f75d7a1d6819a6674fc021d34f1c28fb3e5088918e9d/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-12-29 19:39:13 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 39 (48.72%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ud75elynlul674na65oxuhlidgtgot6aehju6hbi7m7fbcerr2oq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/221229-ydjvwshc4z/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Drops file in Windows directory

AutoIT Executable

UPX packed file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/cd6376c9-07ce-4011-9bd9-abea6cad4b21

Unpacked files

SH256 hash:

a0ffd22f0d5d17eff1a0f75d7a1d6819a6674fc021d34f1c28fb3e5088918e9d

MD5 hash:

acb6572431e7610bce736f5d61645cb2

SHA1 hash:

59e2035670f61a2fdb7e0e2f99f0a5b59d532234

Link:

https://www.unpac.me/results/6150fb44-b98a-4502-9062-4f607bec5f59/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a0ffd22f0d5d17eff1a0f75d7a1d6819a6674fc021d34f1c28fb3e5088918e9d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe a0ffd22f0d5d17eff1a0f75d7a1d6819a6674fc021d34f1c28fb3e5088918e9d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2250903/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample