MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aba19cc38e4985676b27e5a87d4e11c8bdbb8ee25f27b0482512153bb8483f0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	aba19cc38e4985676b27e5a87d4e11c8bdbb8ee25f27b0482512153bb8483f0c
SHA3-384 hash:	2525c37248d50fc76906370729b01b8675b4d93768a3ba9debd20c92f45321352987ba133398fb7e660870fa5e744c84
SHA1 hash:	e5226b8f336152687c9fb8fd97633973bc1f77b4
MD5 hash:	d1b0ccca11d7dc589c50a7da0de371ef
humanhash:	kentucky-venus-vegan-ten
File name:	777777 commercial.exe
Download:	download sample
File size:	313'056 bytes
First seen:	2022-08-17 13:02:17 UTC
Last seen:	2022-08-17 14:48:15 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4ea4df5d94204fc550be1874e1b77ea7 (241 x GuLoader, 29 x RemcosRAT, 17 x VIPKeylogger)
ssdeep	6144:DB+pgULLC8FMO8ajrjVQucmPdkarWwilYbDw7:DgDL3CO8axpDPmaFi2P2
Threatray	4'475 similar samples on MalwareBazaar
TLSH	T1FC64F1553796E443C3115B306ADAF73D8A38AF043979CB0777B0BF9A7620BA1A94C352
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter	0xToxin
Tags:	exe signed

Code Signing Certificate

Organisation:	Payment Scoffingly Selvlydene
Issuer:	Payment Scoffingly Selvlydene
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-01-01T12:26:59Z
Valid to:	2024-12-31T12:26:59Z
Serial number:	2effe7c3000827c9
Thumbprint Algorithm:	SHA256
Thumbprint:	f16481bea983ca7717eca23c0731aeb6f0f27338a2b5fa78ce07492b69e8f95f
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

305

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

777777 commercial.exe

Verdict:

Malicious activity

Analysis date:

2022-08-17 13:03:05 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/95cce0a4-5be3-4cad-a881-acf055a7f136

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/299283/

Detection(s):

SecuriteInfo.com.win.grayware_confidence_60D.24045.27980.UNOFFICIAL

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a window

Creating a file

Creating a file in the %AppData% subdirectories

Searching for the window

Сreating synchronization primitives

Searching for synchronization primitives

Searching for the Windows task manager window

Launching a process

Creating a process with a hidden window

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/29239/overview

Behaviour

MalwareBazaar

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/62fce70a8adad7d7739af6a0/reports/47d549a6-f81f-4bbf-a1ea-19bf717cf761/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/5cadac11-e6af-46fd-a558-b8e911c818ab

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

9 / 100

Link:

https://www.joesandbox.com/analysis/1053019

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/aba19cc38e4985676b27e5a87d4e11c8bdbb8ee25f27b0482512153bb8483f0c/

Threat name:

Win32.Trojan.GuLoader

Status:

Malicious

First seen:

2022-08-17 13:03:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

13 of 26 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=voqzzq4ojgcwo2zh4wuh2tqrzc63xdxcl4t3asbfciktxocih4ga._file

Verdict:

unknown

56af437f8b3b60b32b7cba77fa159138a777a48e98ce0215e8ec6f97ef12b223

595f2ae803f01eba157b6deff4687380346e15609e43cc05b541b527bb7292eb

659d6a4757ecc8ee426b62660c1379645873a6b3df3efcddd3dec68a1b35cb60

6fcf190d85dee62ab18a9bd36d8db98cadc10e75ec8aacd1093013a46e188db4

87c0d52853b4adacc1cf180c63708962b20333443e6cda059b4a3cb2087edc5e

b60f2abca2515ab7c447ab5b237a50c634357f7d4c9591b76c0b44829ad30460

dafdcd9e9b75c4d7187fcfb384788bf5925a1a3426eb7e6d3cc2147b5e9bdc66

+ 4'465 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/220817-qaccmsagh9/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Program crash

Drops file in Windows directory

Loads dropped DLL

Unpacked files

SH256 hash:

7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7

MD5 hash:

c5b9fe538654a5a259cf64c2455c5426

SHA1 hash:

db45505fa041af025de53a0580758f3694b9444a

Link:

https://www.unpac.me/results/5effdb6a-ba61-4836-bab9-ab635fa1002c/

SH256 hash:

067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a

MD5 hash:

0d45588070cf728359055f776af16ec4

SHA1 hash:

c4375ceb2883dee74632e81addbfa4e8b0c6d84a

Link:

https://www.unpac.me/results/5effdb6a-ba61-4836-bab9-ab635fa1002c/

SH256 hash:

2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

MD5 hash:

a4dd044bcd94e9b3370ccf095b31f896

SHA1 hash:

17c78201323ab2095bc53184aa8267c9187d5173

Link:

https://www.unpac.me/results/5effdb6a-ba61-4836-bab9-ab635fa1002c/

SH256 hash:

8c6a95a1bf06c22224ab43bc1a1948f2cb0fd8d7089f2b828033c0fde161d2c2

MD5 hash:

d5bf01b2a316120d3d906e48e850520e

SHA1 hash:

a0e2f1caca1d35c227d231e6063d71ffe1d06322

Link:

https://www.unpac.me/results/5effdb6a-ba61-4836-bab9-ab635fa1002c/

SH256 hash:

aba19cc38e4985676b27e5a87d4e11c8bdbb8ee25f27b0482512153bb8483f0c

MD5 hash:

d1b0ccca11d7dc589c50a7da0de371ef

SHA1 hash:

e5226b8f336152687c9fb8fd97633973bc1f77b4

Link:

https://www.unpac.me/results/5effdb6a-ba61-4836-bab9-ab635fa1002c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/aba19cc38e4985676b27e5a87d4e11c8bdbb8ee25f27b0482512153bb8483f0c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe aba19cc38e4985676b27e5a87d4e11c8bdbb8ee25f27b0482512153bb8483f0c

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/299283/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample