MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a14f448e7fbeed5aee2f0db602bca444bb821e731452e0e43f914b1cd902fec5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a14f448e7fbeed5aee2f0db602bca444bb821e731452e0e43f914b1cd902fec5
SHA3-384 hash: 6e74756fc184179806d9fa48a6fb6f48f7ac58bafb5f37e56f3da44ecb1f2b791f0c3cdca5dc40636914e6d850c6fc2b
SHA1 hash: 8fe5bcd90416a48b3f862ea52f726239d2d8efc3
MD5 hash: 5767ca40c29cb20842c8d3b12c93d582
humanhash: gee-ceiling-black-bluebird
File name:chuaname.exe
Download: download sample
File size:161'568 bytes
First seen:2023-06-30 18:47:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 97e65999ac3a66c864b3eb38bb84c377
ssdeep 3072:s2A2+ClsFxK7hfi5ji+8T26z02mNt4H96u:/AbZFx4h2uaew4Hn
Threatray 8 similar samples on MalwareBazaar
TLSH T125F38D2335E0CCF3D24A11314DA69B6EB3B9F9700E624943F3D46B8D9D38AD1A627257
TrID 32.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
17.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
13.7% (.SCR) Windows screen saver (13097/50/3)
11.0% (.EXE) Win64 Executable (generic) (10523/12/4)
6.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon 71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter obfusor
Tags:exe signed

Code Signing Certificate

Organisation:Microsoft officially certified software
Issuer:Microsoft officially certified software
Algorithm:sha256WithRSAEncryption
Valid from:2023-06-20T16:00:00Z
Valid to:2040-12-24T16:00:00Z
Serial number: -45f27f202fd28e7abb5fe5689fb823c6
Thumbprint Algorithm:SHA256
Thumbprint: 3aaf7c032e923d840ddb68d05f11a9164cd6cb03dbd7ff180bb9edf25caed7c8
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
280
Origin country :
HK HK
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/404484/
Detection(s):
SecuriteInfo.com.Win32.DropperX-gen.26460.30866.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/94397/overview
Behaviour
MalwareBazaar
CursorPosition
CheckScreenResolution
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware keylogger lolbin overlay shell32
Link:
https://www.filescan.io/uploads/649f236226dab9d9c8507914/reports/0397a8d2-6e51-4b3b-85e8-0d9dc225bc08/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/a14f448e7fbeed5aee2f0db602bca444bb821e731452e0e43f914b1cd902fec5
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/90239f5d-ebc2-4c60-b161-4195fefb0fbd
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1264170
Signature
Connects to many ports of the same IP (likely port scanning)
Creates an undocumented autostart registry key
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a14f448e7fbeed5aee2f0db602bca444bb821e731452e0e43f914b1cd902fec5/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2023-06-30 18:48:05 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ufhujdt7x3wvv3rpbw3afpfeis5yehttcrjobzb7sffrzwic73cq._file
Verdict:
malicious
Similar samples:
08fa137f149258d31819045b72485175dc30fcd575a3764a419944acba067821
097b0639eac5dce89da4f863e328cb7cdb59dddb97874056d5745baa6aa549fc
1998cb65315d3f5fe9684f5f387a78901c16a1044b0dc8ceb073754be52c2b75
27c8bd76150ddda5b09d6db11f67269cee2eecac345df67f93aab3e3aaabde7c
7b6b6698ff3347c2bcaa7535d72543dd708358f1c2d01ae8409d28b94c088dbe
7f44e4f52472d6384266a1dc76a77cc55a391f8bcd511511ec183a48afc8e8f2
9a21ae5a8e4f0c012bbb9e17a3ec684bc70d53379296878c4928c66a9d3b66fe
dd3d4a55e3352233b34e6567dffc8252331ef7199b43c2c1ed010f0464fc464f
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/230630-xfrsvafd4w/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Enumerates connected drives
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Downloads MZ/PE file
Unpacked files
SH256 hash:
a14f448e7fbeed5aee2f0db602bca444bb821e731452e0e43f914b1cd902fec5
MD5 hash:
5767ca40c29cb20842c8d3b12c93d582
SHA1 hash:
8fe5bcd90416a48b3f862ea52f726239d2d8efc3
Link:
https://www.unpac.me/results/e67727af-9422-4d95-8fd3-962523186e0f/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/a14f448e7fbe/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a14f448e7fbeed5aee2f0db602bca444bb821e731452e0e43f914b1cd902fec5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:meth_stackstrings
Create hunting rule
Author:Willi Ballenthin
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/404484/

Comments