MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a810b6847d8323278c0d90b96b2315ef77347ac13986adfad8254cdc478ace96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a810b6847d8323278c0d90b96b2315ef77347ac13986adfad8254cdc478ace96
SHA3-384 hash: 07bd7346cc0186552e236127e48ab7b53e1f825d46c3c87f348659dff4df49c8ef42cd20faaa096e00f43b06a37c4409
SHA1 hash: 244aca4df4e45b9f5da0b9f7721a44fe082ef479
MD5 hash: 71e9bc6b36513e3631366fc6f24a9169
humanhash: kentucky-bravo-bacon-wisconsin
File name:71e9bc6b36513e3631366fc6f24a9169
Download: download sample
File size:613'376 bytes
First seen:2022-06-23 13:48:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'655 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 12288:AvAPhkPRxliW1YsM7KfENaYxkbUzdz3v+Gkj+Um2riaPnjX45A:AuhkPRrhPqm6aw3v+Gk9fea6A
Threatray 4'779 similar samples on MalwareBazaar
TLSH T14FD4027CA7E7CF32D3C541B5C4E656000371AA06A2F6D35B76A801D7EF42BE18987786
TrID 69.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
9.9% (.EXE) Win64 Executable (generic) (10523/12/4)
6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
4.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 02616868e0e4e800 (8 x Formbook, 7 x Loki, 4 x AgentTesla)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/282657/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
clipbanker greyware packed wacatac
Link:
https://www.filescan.io/uploads/62b46f8e62d792dc573f32f9/reports/403717e6-80b7-404f-82ba-e672de31cc80/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7a4fa6a4-4532-4b65-897f-a69b9802d668
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1018678
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a810b6847d8323278c0d90b96b2315ef77347ac13986adfad8254cdc478ace96/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-06-23 13:49:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vailnbd5qmrspdansc4wwiyv553ti6wbhgdk36wyevgnyr4kz2la._file
Verdict:
unknown
Similar samples:
154a02b254e2bf1230ad78ac790f65cf165a22642a1a9d9c17163adacfcaff41
288c4905fb7d867232c6bf1186db4de45215f9772db601dfd83947b121a01987
536224d5113a2934ac985a3d61a27f87230963315cf1f9c02313ce8248d2ad17
57ac59a69f7b5366e58b18100717297d5ae1570252bf5f3bf3158d2de57e8002
9dcb8b18c173b2407f6edd177227417ab9e0742997570b07d3d40ec71506480d
b0e427b8e2db98edeea688cda0c6b0e33f936fae3a7b09b529a85a6190083df4
ce8a8dcf86d3395b6b9f349e4d2677ae515f1b067febb8f77b070043898ebe8a
+ 4'769 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220623-q4nb1adbhp/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
a810b6847d8323278c0d90b96b2315ef77347ac13986adfad8254cdc478ace96
MD5 hash:
71e9bc6b36513e3631366fc6f24a9169
SHA1 hash:
244aca4df4e45b9f5da0b9f7721a44fe082ef479
Link:
https://www.unpac.me/results/4d883eb1-a019-429f-978b-cc710856ca92/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a810b6847d8323278c0d90b96b2315ef77347ac13986adfad8254cdc478ace96

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a810b6847d8323278c0d90b96b2315ef77347ac13986adfad8254cdc478ace96

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2248460/
Cape
Cape
https://www.capesandbox.com/analysis/282657/

Comments


Avatar
zbet commented on 2022-06-23 13:48:57 UTC

url : hxxp://85.202.169.21/yugozx.exe