MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5428bdcca0e7eb55e61c50fca985553e0c993dfdd65052ec2e528d5d7d4adf3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: a5428bdcca0e7eb55e61c50fca985553e0c993dfdd65052ec2e528d5d7d4adf3
SHA3-384 hash: db83beac7e9aa29a994851380a942cde6cf8b8d74205f7fec4629f8ebd2c0895ee9fb346f02ecec2fc6fe65de1cfcca0
SHA1 hash: 81dc9fa854987fae1d66dd0a4caa91948cdd6fb7
MD5 hash: 7a51f04e7e665807091656db38ebc814
humanhash: salami-october-winner-may
File name: 7a51f04e7e665807091656db38ebc814.exe
File size: 1'081'146 bytes
First seen: 2021-02-04 11:46:09 UTC
Last seen: 2021-02-04 13:47:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f9ade0aa18f660a34a4fa23392e21838 (9 x DarkSide, 3 x BazaLoader, 2 x ShikataGaNai)
ssdeep: 3072:8sOv8fESTARqUUCFt9/Ns8QDCaExTV1NTTLQETTaEykC3/hC3/:ZOvk/E1TQmB6
Threatray: 112 similar samples on MalwareBazaar
TLSH: C8356D12D7A39891D83AC83062F5E532FD393953D8B8FAEF931582425B50FE0A6DD325
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 7a51f04e7e665807091656db38ebc814.exe
Verdict: No threats detected
Analysis date: 2021-02-04 11:50:27 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Suspicious
Maliciousness:
Behaviour
Sending a UDP request
Running batch commands
Creating a process with a hidden window
Launching a process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: Behavior Graph ID 348670 (sample dXkHytwjO2.exe, start date 04/02/2021, architecture WINDOWS, score 52). Graph nodes: DNS lookup of cdn.onenote.net; signatures "Multi AV Scanner detection for submitted file" and "Machine Learning detection for sample"; process dXkHytwjO2.exe started cmd.exe.
Threat name: Win64.Trojan.Mansabo
Status: Malicious
First seen: 2021-02-04 11:46:29 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: a5428bdcca0e7eb55e61c50fca985553e0c993dfdd65052ec2e528d5d7d4adf3
MD5 hash: 7a51f04e7e665807091656db38ebc814
SHA1 hash: 81dc9fa854987fae1d66dd0a4caa91948cdd6fb7
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe a5428bdcca0e7eb55e61c50fca985553e0c993dfdd65052ec2e528d5d7d4adf3 (this sample)
Delivery method: Distributed via web download

Comments