MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8dea152f0d39d4b1102b23a8d367d845a819a84e8caf8a3177e7821dde1c65f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a8dea152f0d39d4b1102b23a8d367d845a819a84e8caf8a3177e7821dde1c65f
SHA3-384 hash: 68898d6c925383912f6fa23a95265cc2acf74a87f4023f20335ac38db3e391080b3d84819b6e5ddd0a119b7ea614ff04
SHA1 hash: b8ea3ea7b21f896fad4e6cbf982a455bd756fa05
MD5 hash: c65b2427a7224ac3545857774c12ff0b
humanhash: kentucky-tango-romeo-muppet
File name:c65b2427a7224ac3545857774c12ff0b
Download: download sample
File size:11'895'296 bytes
First seen:2023-02-23 22:29:28 UTC
Last seen:2023-02-24 00:42:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 397fe34ab13aed1ba8b91da7d5a4441c
ssdeep 196608:3ryw/ylaUbctrf+01mvxYJVJISgaZKpZrwlgKGOy/Hz1BIg3abghpU6ZOj8closl:ewn3wvxYJLRRZ6r1T13bpU4psl
TLSH T1E8C623C5199453E0E4EB43306186079DB8816E9895F85E0E7DE13C532FB1EFE214BAEB
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 00f0e4c8d8c8e4e0 (2 x CobaltStrike, 1 x AgentTesla, 1 x SnakeKeylogger)
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
278
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c65b2427a7224ac3545857774c12ff0b
Verdict:
Malicious activity
Analysis date:
2023-02-23 22:31:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/49566fc3-d6ae-4c6e-8d02-b6dd058f3178

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/369343/
Detection(s):
SecuriteInfo.com.Win64.Evo-gen.17068.15066.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
80%
Tags:
packed
Link:
https://www.filescan.io/uploads/63f7e8ed5d47c2515e7f68ea/reports/a3105b23-a8a6-4c01-9aa6-944568aca62d/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/a8dea152f0d39d4b1102b23a8d367d845a819a84e8caf8a3177e7821dde1c65f
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4772cd2b-2a68-43db-904a-6b5b6af235e0
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1181600
Signature
Antivirus detection for dropped file
Creates autostart registry keys with suspicious names
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a8dea152f0d39d4b1102b23a8d367d845a819a84e8caf8a3177e7821dde1c65f/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-02-23 22:30:14 UTC
File Type:
PE+ (Exe)
Extracted files:
56
AV detection:
13 of 25 (52.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vdpkcuxq2oouweicwi5i2nt5qrnidgue5dfpriyxpz4cdxpbyzpq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/230223-2esqzahc83/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Adds Run key to start application
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
a8dea152f0d39d4b1102b23a8d367d845a819a84e8caf8a3177e7821dde1c65f
MD5 hash:
c65b2427a7224ac3545857774c12ff0b
SHA1 hash:
b8ea3ea7b21f896fad4e6cbf982a455bd756fa05
Link:
https://www.unpac.me/results/d03a2dd5-2879-42a8-99d3-a9cc28954c61/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
Link:
https://yomi.yoroi.company/submissions/a8dea152f0d39d4b1102b23a8d367d845a819a84e8caf8a3177e7821dde1c65f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a8dea152f0d39d4b1102b23a8d367d845a819a84e8caf8a3177e7821dde1c65f

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/369343/
  
URLhaus
https://urlhaus.abuse.ch/url/2469977/

Comments


Avatar
zbet commented on 2023-02-23 22:29:31 UTC

url : hxxp://77.73.134.24/Clip1.exe