MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 add0fc7c0ee95037188480e1cf178635c0ca08bef781a8b64b2f2f69dad601b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Havoc


Vendor detections: 5



SHA256 hash: add0fc7c0ee95037188480e1cf178635c0ca08bef781a8b64b2f2f69dad601b7
SHA3-384 hash: 3b2a966999b446d412c22dcb1bf8da7e4bff4cf65a70b28d922bb637d8c02ce9a1c61f3cea298a7a6f95fe55996fcd4f
SHA1 hash: 39e462b41ef85d9ecca2ed15fe79bddbdf8bb2be
MD5 hash: 46843c160a002814236172d2aadaba2c
humanhash: louisiana-music-steak-neptune
File name: swift-no-obfuscation-x64.bin
Signature: Havoc
File size: 103'935 bytes
First seen: 2024-10-18 07:13:40 UTC
Last seen: Never
File type: unknown
MIME type: application/octet-stream
ssdeep: 1536:HL03RlahmBSXqfIT0WbBGoX0dKvmMSb7gBXWkMzZbloua:+UwSXqfIgWtxX0dwlMzZKua
TLSH: T19AA3A503E2A720FEC4A9C2B447DF7232FAB3B45C21346A0F5710CB552B62AB1767D659
Magika: unknown
Reporter: JAMESWT_WT
Tags: 169-1-16-29 Havoc

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: IT
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: havoc havokiz masquerade rijndael

Result
Verdict: MALICIOUS
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DemonNtdllHashes
Author: embee_research @ HuntressLabs

Rule name: HavocDemonDJB2
Author: embee_research @ HuntressLabs

Rule name: mal_loader_havoc_x64
Author: Maxime THIEBAUT (@0xThiebaut)
Description: Detects Havoc C2's import hashing algorithm
Reference: https://github.com/HavocFramework/Havoc/blob/1248ff9ecc964325447128ae3ea819f1ad10b790/Teamserver/data/implants/Shellcode/Source/Utils.c

Rule name: Windows_Generic_Threat_3f390999
Author: Elastic Security

Rule name: Windows_Trojan_Generic_9997489c
Author: Elastic Security

Rule name: Windows_Trojan_Havoc_88053562
Author: Elastic Security

Rule name: Windows_Trojan_Havoc_9c7bb863
Author: Elastic Security

Rule name: Windows_Trojan_Havoc_ffecc8af
Author: Elastic Security

Rule name: win_havoc_demon_ntdll_hashes
Author: embee_research @ HuntressLabs
Description: Detection of havoc demons via hardcoded ntdll api hashes

Rule name: win_havoc_djb2_hashing_routine_oct_2022
Author: embee_research @ HuntressLabs

Rule name: win_havoc_ntdll_hashes_oct_2022
Author: embee_research @ HuntressLabs
Description: Detection of havoc demons via hardcoded ntdll api hashes

Rule name: win_havoc_w0
Author: embee_research @ HuntressLabs

Rule name: win_havoc_w1
Author: embee_research @ HuntressLabs

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
