MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad8e32c58c848eb03c4414224e74530dab7ea632229d704fc888a7a843396650. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ad8e32c58c848eb03c4414224e74530dab7ea632229d704fc888a7a843396650
SHA3-384 hash: 3c2fb47124594bea649c36f2a926b3ad03b313e01c90bb143108cd12c37bc1101e87135c30ed061b2bfa458bd20111be
SHA1 hash: b747e36a1982f3cd1db74ba2157d25ba918a0803
MD5 hash: ad8f55814ccaee68b12c96f1ccb8bb6a
humanhash: twelve-colorado-september-alaska
File name:file
Download: download sample
File size:390'082 bytes
First seen:2022-09-16 15:47:30 UTC
Last seen:2022-09-17 14:09:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'450 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 6144:x/QiQXClkm+ksmpk3U9j0IcvOGBfj/WUplm6zIOYQNd28pTXdAmpCLVRZoglM7LT:pQi3lP6m6UR0IcvlL//plmW9bTXeVhD4
Threatray 404 similar samples on MalwareBazaar
TLSH T12D841242F3E54839D073CEB05CA0E962893F79654DBC650836ECAD8F9F3B5829256783
TrID 75.1% (.EXE) Inno Setup installer (109740/4/30)
9.7% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.0% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter andretavare5
Tags:exe


Avatar
andretavare5
Sample downloaded from https://bolt-09.s3.eu-west-1.amazonaws.com/Bolt.exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
294
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2022-09-16 15:49:59 UTC
Tags:
installer loader
Link:
https://app.any.run/tasks/d67acbbd-7565-43f1-bd7f-34e83a2af7ee

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/310620/
Detection(s):
SecuriteInfo.com.Application.Agent.AIQ.2330.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Creating a process with a hidden window
Searching for synchronization primitives
Creating a file
Searching for the window
Sending a custom TCP request
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
Creating a file in the system32 subdirectories
Unauthorized injection to a recently created process
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/37919/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/63249b36ba7b8113dd6b018e/reports/77adc134-5361-4302-9bc0-e35bc06a1403/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d4fdc0ae-e49c-45fe-b3a2-0fb9fdb93d83
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1071754
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Obfuscated command line found
Snort IDS alert for network traffic
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ad8e32c58c848eb03c4414224e74530dab7ea632229d704fc888a7a843396650/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-09-16 15:48:08 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vwhdfrmmqshlapcecqre45ctbwvx5jrsekoxat6irct2qqzzmzia._file
Verdict:
malicious
Similar samples:
63581ae3a6484a00bb415bdc2105a1256fb9929a7cb3ef9bcce1b141bb99bf7f
711d8a94c429866e76447eb867f6408eb83b85d9bbea615084722e6055a9d939
7c23a4178b8fc14dedfd30b2b8fe462b4d936210bc64d6a14671b14a9387306a
82346f3a4b7e84f746f6242ff70265b1467ffdcd01954f71806f86c2989a9819
83a0838ce422cf0354914df7efde5aeadb19cbc84ee315725de96237df2a36aa
c59afb9bb8fad3568800ebdfd5fd07e35d3b77c3ce7316cda5fa1c37b924c4b8
de1ae614a8a926b44989594d2bd4615c14700e575662d7c4689789d6b228f79e
f0dc8fa1a18901ac46f4448e434c3885a456865a3a309840a1c4ac67fd56895b
+ 394 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220916-s8rlbsbhdk/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Loads dropped DLL
Downloads MZ/PE file
Drops file in Drivers directory
Executes dropped EXE
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/430e2868-07e8-44ec-b1e7-3596c7e3f420
Unpacked files
SH256 hash:
e427f8ef21691e3d8c2313d11129ad08ddef69a158eca2f77c170603478ff0c4
MD5 hash:
0dedd909aae9aa0a89b4422106310e9e
SHA1 hash:
271d36afa5b729ee590cf8066166ca5e9c9d0340
Link:
https://www.unpac.me/results/2cfb53b0-0006-4d00-9e00-2454f83bc937/
SH256 hash:
0e019f4751259cbe87f6ccf804147bac3928165bb6bcc8bc9fccbb87bf020b32
MD5 hash:
680423a6a130bdf8726463054dfa3c7b
SHA1 hash:
f60ab897afb2a86399918a40c402c7bb1e165f73
Link:
https://www.unpac.me/results/2cfb53b0-0006-4d00-9e00-2454f83bc937/
SH256 hash:
ad8e32c58c848eb03c4414224e74530dab7ea632229d704fc888a7a843396650
MD5 hash:
ad8f55814ccaee68b12c96f1ccb8bb6a
SHA1 hash:
b747e36a1982f3cd1db74ba2157d25ba918a0803
Link:
https://www.unpac.me/results/2cfb53b0-0006-4d00-9e00-2454f83bc937/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ad8e32c58c848eb03c4414224e74530dab7ea632229d704fc888a7a843396650

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/310620/
  
URLhaus
https://urlhaus.abuse.ch/url/2305418/

Comments