MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aed41e658220a17e049af66aca06dd04f9fb1133af2ffd05b4e7405c1c93a43a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aed41e658220a17e049af66aca06dd04f9fb1133af2ffd05b4e7405c1c93a43a
SHA3-384 hash: 51eda029ed4f905de848048eebf01450ee622a0eb67890520204397cacb9ce07e720df565116c7f635bb6e95afeff331
SHA1 hash: 1c67a87fe25624d017a9d2722189fe4294671576
MD5 hash: 336a3689185ddeecc23786cdd049d9a6
humanhash: london-blossom-hamper-hot
File name:336a3689185ddeecc23786cdd049d9a6.exe
Download: download sample
File size:243'712 bytes
First seen:2021-11-23 20:10:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:llpDJC2msILDt75RISAGGwGGGGi/cNmGzc3A64:pDJGZLh752sU3z4
Threatray 618 similar samples on MalwareBazaar
TLSH T18E349EA1AA38C953C7D11AF2C963C1F493A96E25283785825D397F2B307AF4B8D471C7
File icon (PE):PE icon
dhash icon 71e4cae0b29ef061 (1 x NanoCore, 1 x Stopwar)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
179
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
HQOJYDDDF.exe
Verdict:
No threats detected
Analysis date:
2021-11-23 18:38:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2810f24f-6352-4619-9bfc-8f0e5aa92fc1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a file
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated
Link:
https://www.filescan.io/uploads/619d4addb71ceed4152d708b/reports/9f2689f4-af4d-4d55-b26f-25e91eb64197/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/249de3ef-e634-4ff5-b09f-c584d923e1ef
Result
Threat name:
IPack Miner
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/895034
Signature
.NET source code contains potential unpacker
Connects to many ports of the same IP (likely port scanning)
Creates an undocumented autostart registry key
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected IPack Miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aed41e658220a17e049af66aca06dd04f9fb1133af2ffd05b4e7405c1c93a43a/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2021-11-23 20:11:13 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
20
AV detection:
17 of 45 (37.78%)
Threat level:
  3/5
Verdict:
suspicious
Similar samples:
02fcb6cdd4b61cbf7f40448784a36d0067e618cac935aebf6fd6f482af076ba3
1e62a15bef6c5fbd94137a339272e93ee6b646f1f18a68a5e52d6e19dea03420
24fcb2c5bee18a1ace6dca1924a4fa86d0840a29ebfebd271a4f1399e758a895
2af6f37a02bc512145fe57de3bb9b8a334267f927bb2c9032485717829861ea7
30f3eecdbc1298dc6ba731ffc775390ee61b2bda813ba8f7763c9c39293ce33c
685dce7a17356b2a9fe68600ab29af885c591d23221e8f65396478d3a1f5ae03
6c0b8d19ccb66f0fbe99c4882d620a3bc5c95a78e67a8fc7f69918c404bfd4a0
+ 608 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/211123-yx967aedb2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
aed41e658220a17e049af66aca06dd04f9fb1133af2ffd05b4e7405c1c93a43a
MD5 hash:
336a3689185ddeecc23786cdd049d9a6
SHA1 hash:
1c67a87fe25624d017a9d2722189fe4294671576
Link:
https://www.unpac.me/results/75a6b130-dea3-4af9-8834-c35c1800ad27/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/aed41e658220a17e049af66aca06dd04f9fb1133af2ffd05b4e7405c1c93a43a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe aed41e658220a17e049af66aca06dd04f9fb1133af2ffd05b4e7405c1c93a43a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1806542/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/208821/

Comments