MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a811a2dea86dbf6ee9a288624de029be24158fa88f5a6c10acf5bf01ae159e36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a811a2dea86dbf6ee9a288624de029be24158fa88f5a6c10acf5bf01ae159e36
SHA3-384 hash: a6a7ff53aa54e17668d1426819f619f33c09ae0301e0078992efd627449866e0171150b8f8b9a5723831725aad0d2276
SHA1 hash: f956660e3970f293ef44437a0234c4f5588c11f3
MD5 hash: b10a77609b6420cc5247897d741ab41e
humanhash: speaker-nine-salami-white
File name:Air HQ PR Policy.lnk
Download: download sample
File size:1'770 bytes
First seen:2024-01-12 13:10:22 UTC
Last seen:Never
File type:Shortcut (lnk) lnk
MIME type:application/octet-stream
ssdeep 24:8v7JvbIrMZWRMuRHCCA264jdlRfdd79dsyozXozHfpo:85OKIAadlRfdJ9UMbp
TLSH T1BE3154253BE90715F3F25F3268F7B626997BF806CA03DD1E11C242084851701D128F7B
Reporter abuse_ch
Tags:lnk

Intelligence

File Origin
# of uploads :
1
# of downloads :
173
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27118.LnkHeur.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Heur.24007.13687.UNOFFICIAL
Create hunting rule

TwinWave.EvilLNK.OddLook.202207213.UNOFFICIAL
Create hunting rule

TwinWave.EvilLNK.OddLook.20221214.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
LNK File - Malicious
Link:
https://app.docguard.net/a811a2dea86dbf6ee9a288624de029be24158fa88f5a6c10acf5bf01ae159e36/results/dashboard
Behaviour
BlacklistAPI detected
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
cmd lolbin
Link:
https://www.filescan.io/uploads/65a13a6dfd5068bbc3d1512e/reports/f23f3244-453e-46da-aa94-695f48e8c503/overview
Verdict:
Malicious
Labled as:
Trojan/LNK.Starter
Link:
https://www.hybrid-analysis.com/sample/a811a2dea86dbf6ee9a288624de029be24158fa88f5a6c10acf5bf01ae159e36
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1373715
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Windows shortcut file (LNK) starts blacklisted processes
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a811a2dea86dbf6ee9a288624de029be24158fa88f5a6c10acf5bf01ae159e36/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vai2fxvinw7w52ncrbre3ybjxysbld5ir5ngyefm6w7qdlqvty3a._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/240112-qex5xageen/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a811a2dea86dbf6ee9a288624de029be24158fa88f5a6c10acf5bf01ae159e36

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Execution_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies execution artefacts in shortcut (LNK) files.
Rule name:EXE_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies executable artefacts in shortcut (LNK) files.
Rule name:PDF_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies Adobe Acrobat artefacts in shortcut (LNK) files.
Rule name:SUSP_LNK_CMD
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects the reference to cmd.exe inside an lnk file, which is suspicious

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments