MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a877d8bfc926208d9f17132e4e04e0602384a8b7f2be0b4fc45ed1ac2e1ccf44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a877d8bfc926208d9f17132e4e04e0602384a8b7f2be0b4fc45ed1ac2e1ccf44
SHA3-384 hash: 93086fa27ff2788f7f0271756d6e81db265b23bd5b4691a7fc3f86350a3361909fd8512d6f2385d1d83da6230e32f4bb
SHA1 hash: 41b08ce841feed5f39a2a0ebad5e014fe0f91c0f
MD5 hash: bb45d02679eae544f33a69f7abedd551
humanhash: wyoming-magazine-pizza-hot
File name:bb45d02679eae544f33a69f7abedd551
Download: download sample
File size:3'442'192 bytes
First seen:2021-12-24 01:52:11 UTC
Last seen:2023-08-26 21:37:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a18c466a89c034cf01801b0439542035
ssdeep 98304:4uW2HbA6WrHDvQZfuMquT8xYxliMdQjUhk:vW2H8ZjcllqgB9ijUhk
TLSH T1C5F533AE2DE7CF94D57522F14F6385F2FA112890B40FD50F4A2C0832EDA6D65E9463CA
dhash icon d3c769250d89975d
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bb45d02679eae544f33a69f7abedd551
Verdict:
No threats detected
Analysis date:
2021-12-24 01:56:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fc4591d3-16d3-4506-a910-db260fb7b96b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
VMProtectStub
Create hunting rule
Link:
https://www.capesandbox.com/analysis/216062/
Detection(s):
PUA.Win.Packer.PECompact-2
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  0/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/3054/overview
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug anti-vm overlay packed
Link:
https://www.filescan.io/uploads/61c52800ec6c6c14a9eddf0a/reports/618ce373-1ddf-4e45-8112-4e5a014ffdfb/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
KRBanker
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5da5cff2-f95a-4e7f-99d4-fe56ad7379b3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/912266
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Tries to evade analysis by execution special instruction which cause usermode exception
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a877d8bfc926208d9f17132e4e04e0602384a8b7f2be0b4fc45ed1ac2e1ccf44/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-12-23 05:25:00 UTC
File Type:
PE (Exe)
Extracted files:
171
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/211224-cazw2schaq/
Behaviour
Enumerates system info in registry
Enumerates connected drives
Unpacked files
SH256 hash:
fda6a046ccaa6bbb1a5f7c75e9ff7d936aaf841d1fbced495141604dcac081a8
MD5 hash:
048e4659465b2f39511cf2e81a7e5a3b
SHA1 hash:
f447e872bb8d0878d9a708ff661be523361464dd
Link:
https://www.unpac.me/results/08005710-9531-45d2-8d84-1799cbc984ad/
SH256 hash:
feb8d6f800c5e4c59b7310ef71b0bf4cbebb9ad84d2238759058468e654a2abe
MD5 hash:
52099dc0826923842a8e015566fc3fcd
SHA1 hash:
8d5f1e81ca3679c3f9265bdff1b42e3d81f66ce8
Link:
https://www.unpac.me/results/08005710-9531-45d2-8d84-1799cbc984ad/
SH256 hash:
26bee0363de4645a035813f3118d69b5008200e92df1c215fd611246e7619513
MD5 hash:
13bf56795209c6a48ec7be52a112dc50
SHA1 hash:
87fa7b572c20f16c16324fc022bc7fa24fc9fbe0
Link:
https://www.unpac.me/results/08005710-9531-45d2-8d84-1799cbc984ad/
SH256 hash:
d8e895e55f22bc0cd93166a91171ced3da410fc928060261ddadcdeebfb992ca
MD5 hash:
82dff13bfe804b14b910627591f599b6
SHA1 hash:
6e6c6c8470da8ed644f87298b22cc1170a4e62de
Link:
https://www.unpac.me/results/08005710-9531-45d2-8d84-1799cbc984ad/
SH256 hash:
afb4fa198bfa7843701b5646658029a52fc56ff82854ba3e9b2476ee6b8c361f
MD5 hash:
6014dbf738d8768ca9a744ccc5bf2de2
SHA1 hash:
4579ce04da8207c34d5678ab2a86bc40b0c11a7a
Link:
https://www.unpac.me/results/08005710-9531-45d2-8d84-1799cbc984ad/
SH256 hash:
d0ea093e1067aa6c99ae811945c2396fffab25ea4e33f4c51df41b343c568e23
MD5 hash:
a3c734762258732db763e7e11052c958
SHA1 hash:
b0871ee3b3dbf907590d347c893b94033f85eb50
Link:
https://www.unpac.me/results/08005710-9531-45d2-8d84-1799cbc984ad/
SH256 hash:
a877d8bfc926208d9f17132e4e04e0602384a8b7f2be0b4fc45ed1ac2e1ccf44
MD5 hash:
bb45d02679eae544f33a69f7abedd551
SHA1 hash:
41b08ce841feed5f39a2a0ebad5e014fe0f91c0f
Link:
https://www.unpac.me/results/08005710-9531-45d2-8d84-1799cbc984ad/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.74
Link:
https://yomi.yoroi.company/submissions/a877d8bfc926208d9f17132e4e04e0602384a8b7f2be0b4fc45ed1ac2e1ccf44

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a877d8bfc926208d9f17132e4e04e0602384a8b7f2be0b4fc45ed1ac2e1ccf44

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1915732/
Cape
Cape
https://www.capesandbox.com/analysis/216062/

Comments


Avatar
zbet commented on 2021-12-24 01:52:12 UTC

url : hxxps://xz888.oss-cn-hangzhou.aliyuncs.com/5w/%E4%BA%94%E5%91%B3%E4%BC%A0%E5%A5%87.exe