MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8
SHA3-384 hash: df6a5e42294f5dd7f72f9e899ed101ea9140b53eb047d021d162d59bed644380b34c08f81ec55bab1cadc1ed17f686c7
SHA1 hash: c549ccfca38b654af3e95e53e678b1ddc2528bed
MD5 hash: e3447210fe61037f8afd2e3a5e1ebf96
humanhash: chicken-may-oklahoma-apart
File name:e3447210fe61037f8afd2e3a5e1ebf96
Download: download sample
File size:1'389'568 bytes
First seen:2024-01-17 06:42:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fc5d3d653af3c3decf6e755f0007c4f6 (11 x Amadey, 1 x LummaStealer)
ssdeep 24576:GiVUvQd7LE6g5XKhvGieFgzzrrxFUVvkvcOwATsPdIGL6IlgktwSYPvFIDEl:JVUv4LvGdFgD1Lk0TsVITAtwSY1I
TLSH T1755533352EA1719BC628B5F624B0D32AD2331514A7B28C60D6CDCD6DB7B363B6B1D8D0
TrID 29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
22.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
20.3% (.EXE) Win32 Executable (generic) (4505/5/1)
9.1% (.EXE) OS/2 Executable (generic) (2029/13)
9.0% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
518
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
amadey
Create hunting rule
ID:
1
File name:
b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8.exe
Verdict:
Malicious activity
Analysis date:
2024-01-17 06:46:07 UTC
Tags:
amadey botnet stealer loader
Link:
https://app.any.run/tasks/5d2d1473-931f-46e8-9caa-97b97fed4f4c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/471256/
Detection(s):
Win.Malware.Zudochka-9892429-0
Create hunting rule

PUA.Win.Packer.EnigmaProtector-9852682-0
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
enigma lolbin obfuscated packed packed shell32
Link:
https://www.filescan.io/uploads/65a776f799da41ccd7d64917/reports/377c39d7-3c5d-482b-947d-5f97aa672566/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Spark
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c5c9d6ea-d699-4197-9528-e8032fcc5975
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1375874
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8/
Threat name:
Win32.Trojan.Znyonm
Create hunting rule
Status:
Malicious
First seen:
2024-01-17 06:43:09 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wcctd76w7hsbnhcjxglpj6guuvcwyxg44y676lslydiezmhjudua._file
Verdict:
suspicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240117-hgxcdsachm/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8
MD5 hash:
e3447210fe61037f8afd2e3a5e1ebf96
SHA1 hash:
c549ccfca38b654af3e95e53e678b1ddc2528bed
Detections:
SUSP_XORed_URL_In_EXE
Create hunting rule
Link:
https://www.unpac.me/results/cc99c28b-e792-4a02-8326-fe039e31c9d4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.74
Link:
https://yomi.yoroi.company/submissions/b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:maldoc_getEIP_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:SUSP_XORed_URL_In_EXE
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
Rule name:SUSP_XORed_URL_in_EXE_RID2E46
Create hunting rule
Author:Florian Roth
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b08531ffd6f9e4169c49b996f4f8d4a5456c5cdce63dff2e4bc0d04cb0e9a0e8

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2749106/
Cape
Cape
https://www.capesandbox.com/analysis/471256/

Comments


Avatar
zbet commented on 2024-01-17 06:42:37 UTC

url : hxxp://185.215.113.68/mine/amer.exe