MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b039b93d8cf1911397f74a703784d69363544f97f059266256cbaf419e8b2c3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b039b93d8cf1911397f74a703784d69363544f97f059266256cbaf419e8b2c3e
SHA3-384 hash: c05ed958eaf98cf71045e18d1934bcc3c5f5be9629c73cb3831332ebfdfeb72cb351e83e2b904542233cc0df15a454b2
SHA1 hash: 0dc92779c7bb4c9d6c3a02ffa176199f652b3976
MD5 hash: 6bfc3d7f2de4a00fac9b4ec72520209f
humanhash: west-paris-alanine-lactose
File name:6bfc3d7f2de4a00fac9b4ec72520209f
Download: download sample
File size:399'872 bytes
First seen:2022-01-08 19:15:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash adc070d713b11b58df50e9c2e148c1f7 (1 x Smoke Loader, 1 x OnlyLogger)
ssdeep 6144:Ab0yasxDZDYbVJU9Dwsn/m5eo7CKS6O4gySTePDyB9nb41xqGONesE:AYZKlUbVJeEYu9OVxePmBix/aE
Threatray 7'568 similar samples on MalwareBazaar
TLSH T1A284BF14EBA0D035F1F712F849769368BA3E7AB14B2490CB53D526EE46786E0EC3171B
File icon (PE):PE icon
dhash icon 2dac1378319b9b91 (29 x Smoke Loader, 23 x RedLineStealer, 22 x Amadey)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
344
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6bfc3d7f2de4a00fac9b4ec72520209f
Verdict:
No threats detected
Analysis date:
2022-01-08 19:17:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e482ff43-4bb9-482b-bdac-a33ed319bd51

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/217850/
Detection(s):
Win.Packed.Generic-9917434-0
Create hunting rule

Win.Malware.Generic-9917504-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Unauthorized injection to a recently created process
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/3878/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed ransomware
Link:
https://www.filescan.io/uploads/61d9e2f61c0d769df9d8fb4c/reports/e37f2e09-2fed-4069-bcd7-cde46726f8e2/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Vidar
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bd26b041-7579-40b9-a764-670815b23a55
Result
Threat name:
SmartSearch Installer
Create hunting rule
Detection:
malicious
Classification:
rans.phis.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/917178
Signature
Contains functionality to inject code into remote processes
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies Chrome's extension installation force list
Multi AV Scanner detection for submitted file
Yara detected SmartSearch nstaller
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b039b93d8cf1911397f74a703784d69363544f97f059266256cbaf419e8b2c3e/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2022-01-08 14:57:03 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0cdd906491990c6ba9c24bdd60172057587859a8e649ba7f4b51fece9a0fdac6
162ab00c0e943f9548b04f3437867508656480585369cb705613dd3accfd54c2
7be418280356c7dc0384328a50904f3cee364185aa7f99e127e511461cd6db5c
dcf4ecc6d3b70a3e11077862b9e3830806191f0718eecb525a3e7d24246c0287
e5fa3a5fc4f1e1c8286a6bd37ea4b40f6879e629f27e64e7dd491fb42dc6fe36
f2433dfba69148a0c3a5a5951d360b6c3c045090de06f11e273f13ccd01c42f3
fe3ae99417e0d632995ad5ceeccc4c0b308b8a30d2c93031f15837b607b8552b
+ 7'558 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220108-xyssvsdbg8/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
f147472617d014e1ac9640069046ce091472b2528414f5fd1deb68bec87e6281
MD5 hash:
36f7b8ac26f4982057b43ce2592cee19
SHA1 hash:
2aae67f854dc3a210cf55c6062f4e8b9934676b7
Link:
https://www.unpac.me/results/d31b17a8-7609-4061-8aff-f50cb4bb75d6/
SH256 hash:
ae9951a76e4840f886bf15c9fce66bb4eecc42802c03ce43529b0cc81ddba9c2
MD5 hash:
afb91ac1a0e9057bcb501cb91306b40c
SHA1 hash:
1a3688766243f0b268a7e1c8adce79c4d7227e2b
Link:
https://www.unpac.me/results/d31b17a8-7609-4061-8aff-f50cb4bb75d6/
SH256 hash:
b039b93d8cf1911397f74a703784d69363544f97f059266256cbaf419e8b2c3e
MD5 hash:
6bfc3d7f2de4a00fac9b4ec72520209f
SHA1 hash:
0dc92779c7bb4c9d6c3a02ffa176199f652b3976
Link:
https://www.unpac.me/results/d31b17a8-7609-4061-8aff-f50cb4bb75d6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b039b93d8cf1911397f74a703784d69363544f97f059266256cbaf419e8b2c3e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b039b93d8cf1911397f74a703784d69363544f97f059266256cbaf419e8b2c3e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1958271/
Cape
Cape
https://www.capesandbox.com/analysis/217850/

Comments


Avatar
zbet commented on 2022-01-08 19:15:19 UTC

url : hxxp://45.144.225.57/EU/search08eu.exe