MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab4d24e50b96e4358963a8232d7244c0aaf208cfec8c8d5022871547ed795fc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab4d24e50b96e4358963a8232d7244c0aaf208cfec8c8d5022871547ed795fc9
SHA3-384 hash: a43eb7783e791bcec52902e58f9bb5b41d5f934d68163006e96192637320f658621f0fb53a9c1a3f3757f83bd9f98064
SHA1 hash: 4c47a8a49bd24316aec8b1ef21e9c01eb70ff5b0
MD5 hash: 35da45ba1f09cf0596d63094a3a1b790
humanhash: johnny-robert-carpet-william
File name:ab4d24e50b96e4358963a8232d7244c0aaf208cfec8c8d5022871547ed795fc9
Download: download sample
File size:3'193'253 bytes
First seen:2020-11-07 18:31:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ad4e7a75c87d00b0aef55f559d390c99
ssdeep 49152:B/4MnYYJ2ZhqSGLHkJEMnmOyyWZKhPYSr0g7mM+M6RkMkIM7I067W:+IDQnmvDKhgM+M6RkMkIM7R
Threatray 3'730 similar samples on MalwareBazaar
TLSH E8E5AE02B7E18476F4B34672497B93346B3BBC215E20878F23543A5E6D313D2AA3572B
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
50
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Tool.WSHELL-1
Create hunting rule

PUA.Win.Packer.Armadillo-65
Create hunting rule

Win.Malware.Kolab-6805871-0
Create hunting rule

Win.Worm.Virfire-6814275-0
Create hunting rule

Win.Worm.Agent-1299329
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Delayed reading of the file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ab4d24e50b96e4358963a8232d7244c0aaf208cfec8c8d5022871547ed795fc9/
Threat name:
Win32.Trojan.Musecador
Create hunting rule
Status:
Malicious
First seen:
2020-10-09 00:54:33 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0954707116de7974c38346f17987886632546664d0933bafd412fb343e408317
09a3aa26ef9c6f2544fd2377df9ddb4ed2462db3206cc7723f5015a8e62bde2e
5553a7b6943f4c1435ec14ecb41b95029d6f2a94f7f415f660c14bd8b68ab7f9
6c094a18d2ab75c95ffc39399cece2eebdb8064f91cec40226be037fb20f64d9
7c1eae5e28280689e8db038813d781a47158b6d76f849aeb0c204058dfe94590
a2bd87a81b3cc4f40cc8f1e6ba1111a010ad3970b4dff9e98c729142af28b823
a597feb1835307dd3115e535a07ad16544b7950dd1de4e4247bc3bc49f02a487
be9af0fdc2439628d89ec49342567c6718dba2444972b173e652268173b8202f
dedad3d7a97da9f0103dd87d86a422e38f581879c41ab07594d141eb303d2de9
f2f2480af56f120f4d1f6586940ed898766a86509a2de41c5fea7f305d21b6fe
+ 3'720 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/201108-nbrbjc4xxa/
Behaviour
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments