MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5
SHA3-384 hash: efe931e02cf1ddb8ff1811945fa1937442a304f977fd3591d38cb3fbd7f1c27561197a212e659bbf953b87f0b801dfb5
SHA1 hash: 98a4736bb5941064e0ef477c58918e3776bdc3c3
MD5 hash: 7ef92f0286f603305c076705ef5cb8c9
humanhash: seven-sixteen-lake-hamper
File name:a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5
Download: download sample
File size:1'879'552 bytes
First seen:2023-02-17 12:26:26 UTC
Last seen:2023-02-17 14:42:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash df355ead100081bb38f430348474e17e
ssdeep 49152:+hyoUgDRm4d6TkU+rsqVrhDk1hXIU6i6:AjdZhrs0hDf+
Threatray 7 similar samples on MalwareBazaar
TLSH T107959E03F68149B9C469C27883479736B671BC890726F7EF1BD4A6213E22BE05F2C759
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter BushidoToken
Tags:CargoBay exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
240
Origin country :
GB GB
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5
Verdict:
No threats detected
Analysis date:
2023-02-17 12:27:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c8888a22-2bde-44ff-a077-b8fd247eedd6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/367657/
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.8436.14617.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/71262/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug greyware hacktool packed
Link:
https://www.filescan.io/uploads/63ef7297b8f7cb97bffde521/reports/fc55a87c-8eec-4d2d-b357-788167120a51/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/05b5c1b9-684b-4d47-adc7-e26c0e5d986c
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
24 / 100
Link:
https://www.joesandbox.com/analysis/1177913
Signature
Found API chain indicative of debugger detection
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 810735 Sample: 4aYBIDHd2G.exe Startdate: 17/02/2023 Architecture: WINDOWS Score: 24 6 loaddll64.exe 1 2->6         started        signatures3 17 Found API chain indicative of debugger detection 6->17 9 cmd.exe 1 6->9         started        11 rundll32.exe 6->11         started        13 conhost.exe 6->13         started        process4 process5 15 rundll32.exe 9->15         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-11-22 01:33:40 UTC
File Type:
PE+ (Dll)
Extracted files:
4
AV detection:
8 of 25 (32.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vfr2rkhblayidwvegy4hitxpnraq2gsbbqi6xfat3ik2e3uafxsq._file
Verdict:
unknown
Similar samples:
0c0cd1ac629133a1cf54c398fdfa86873925d044a35e0ccd2d5436abe53682f7
5218ea3cfcc44010b18418240a2f2dd81cff0a52d5ba4a300b42563e346bf844
90a777852be885a9b7ab7ca025c97ee6657dc052fef2ba29fec501673bd3592a
9432024a253af6bbbd19d011547117edafff8a18b10c0ac739661999ad9ba2a2
b0620f36f136d0c8e4c036a67798de2902bbd45bd21bd026102d53285d56622c
d800e466a5457ca63d18fcaaf8afea7743c94e26c847ba55175d14b1f0da2408
daa78ec9ac5ba2efffe8ee414c348e2eafa787e341dea0ac83f602b56520fa75
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230217-pmq6wseh4t/
Unpacked files
SH256 hash:
a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5
MD5 hash:
7ef92f0286f603305c076705ef5cb8c9
SHA1 hash:
98a4736bb5941064e0ef477c58918e3776bdc3c3
Link:
https://www.unpac.me/results/dd10eafa-c854-4900-ae00-851b59e52877/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a963a8a8e1583081daa43638744eef6c410d1a410c11eb9413da15a26e802de5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/367657/

Comments