MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8a8f480674f1332d382819416bbc934a28d098e52f3b3fc9cb9a29ea9bc3e7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a8a8f480674f1332d382819416bbc934a28d098e52f3b3fc9cb9a29ea9bc3e7f
SHA3-384 hash: 6a1bdd6aa43d38782bdbd6150dada7d1ced7ef407423b173f5b2c4a53f06f884cbeddb28186c1565deccfe3bb67f3066
SHA1 hash: bd1bc72b9dea9e780b203da1ff0b539289059401
MD5 hash: f0630d63569e268a3b64e5f58fee6168
humanhash: louisiana-berlin-fish-fourteen
File name:f0630d63569e268a3b64e5f58fee6168
Download: download sample
File size:353'792 bytes
First seen:2021-06-25 06:38:58 UTC
Last seen:2021-06-25 08:13:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a8fd13cfcead7aa4bc2d91debc97c909 (3 x Smoke Loader, 1 x Glupteba, 1 x RedLineStealer)
ssdeep 6144:+gASFUAG+ULJHUUThiuG0Lb0vPjtOP+vrPoc9QjSqKZ3/PEk:USFUAG+ULJHUUtPLb05OPMwc9b5P8
Threatray 93 similar samples on MalwareBazaar
TLSH 0D748C00AAA1C035F6F312F88976A368993E7DB15F7040CB52E5EAEE56346E1EC31717
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f0630d63569e268a3b64e5f58fee6168
Verdict:
Malicious activity
Analysis date:
2021-06-25 06:45:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a442d81c-a420-4f8c-8af9-13be9e615c54

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/168237/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.3334.6950.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/620a9128-32e8-4ad6-8d71-d10e8a0880ed
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/807942
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a8a8f480674f1332d382819416bbc934a28d098e52f3b3fc9cb9a29ea9bc3e7f/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-06-25 06:39:14 UTC
AV detection:
17 of 46 (36.96%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
03659dfd8c9a7f8b300972af15621b9d67b8854cfbf66ecab15f63b1686afa2c
2884051cd64be98b26224c6cd9ba46bc6802242fdb2aabbb3dd4aa6b1eb16a78
45269d3d0fbf13c80d6c496d3ee36e13808e36063bc82e3247cfc291e0f9223c
4a8de772cb047939cbac796b1461b5276e418fb33249cb4d41785ef37fa91a35
644c41a4311cb26bf1e4b1587a7c8b4e843395cadda1f9ab710a585658c829b2
7de1cb68c44e2762ecb7756d5b0f7de4c70f92ffb93adfc2d2c9f5c192eda5fd
809ebb3b8572da276fb521772e931faca272a61a9a05e3a3f0734be71cdcc4f9
9d98cf2a209bc4ccc92b7dc792c6f3b21c0ce1c2f7eb72498823e7a593145fea
aa703fb814c6e09c409060654ea9b5798b6a99cb0ceb25bd31bf894dc60702f5
bf77f5d9f2e3284b7bd38c1c8450a81290fb6e4545f4e66707040413daefc2b3
+ 83 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210625-1nqvf2bvts/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
b2a049b580ef2fe23defefd78644442329b1378213c59357fbec5e24555aac44
MD5 hash:
f9e3e8dcfbfaf22d61687c78a2ff20fa
SHA1 hash:
439731b1bf2b800c2ed8c18fcd14b8ecc25eacc9
Link:
https://www.unpac.me/results/614781f5-52c9-4b2f-bf56-2141b0f17930/
SH256 hash:
a8a8f480674f1332d382819416bbc934a28d098e52f3b3fc9cb9a29ea9bc3e7f
MD5 hash:
f0630d63569e268a3b64e5f58fee6168
SHA1 hash:
bd1bc72b9dea9e780b203da1ff0b539289059401
Link:
https://www.unpac.me/results/614781f5-52c9-4b2f-bf56-2141b0f17930/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a8a8f480674f1332d382819416bbc934a28d098e52f3b3fc9cb9a29ea9bc3e7f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a8a8f480674f1332d382819416bbc934a28d098e52f3b3fc9cb9a29ea9bc3e7f

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/168237/

Comments