MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0e81166e58cc1a5994f442585494035d658b24f232e6ed51f09f693f6549651. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0e81166e58cc1a5994f442585494035d658b24f232e6ed51f09f693f6549651
SHA3-384 hash: 51f3606c3217dea13e66e22350be7e147e2bcd2b5f6f8a2b4a4d295288bb12140b33bf8c00401cb997c0780e8e07789d
SHA1 hash: b1cff47d16cd01c49b78f25f8c201f91e40581d7
MD5 hash: 5ed4eeac4456d4661c25ba66ece338ef
humanhash: carpet-autumn-sierra-black
File name:5ed4eeac4456d4661c25ba66ece338ef.exe
Download: download sample
File size:372'224 bytes
First seen:2021-06-26 10:49:36 UTC
Last seen:2021-06-26 11:45:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1465dccf6e4ac51fee47e91b6181067d (2 x ArkeiStealer, 1 x FickerStealer, 1 x Smoke Loader)
ssdeep 6144:u2w8CsgVxkx6n7hsHLdEM1++p+X3IZxUSHcbNA7/zsEqu2bZ837kL:u7I6nwiM1pAGUBGYJFQ
Threatray 124 similar samples on MalwareBazaar
TLSH 9B847C00B6A1C035F6F616F4897A93AC953D7AF15B6040CB62E4EAFE56386E1EC31317
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5ed4eeac4456d4661c25ba66ece338ef.exe
Verdict:
Malicious activity
Analysis date:
2021-06-26 10:51:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/96a504a7-953b-4926-aec7-9ed943b63bf5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/168475/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.13280.24813.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4f0985c9-5db2-4781-a122-42672baf2a0e
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/808453
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b0e81166e58cc1a5994f442585494035d658b24f232e6ed51f09f693f6549651/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-06-26 10:50:15 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1cccfc83a668d9ac87ad438bc7428d7d4eb7c224e437d37d15b7e7a274468545
26c9efda91b44bd3b22646ee7e1bf6da939dca186890fae2a1fde4cb1adee352
2a12ae5aabbbe3e508d3b69e3cad540c351ad3021d895303094f54523c99e0d4
3991ded07d37f90d15c445a0cce467a74d0e761b533815a9b7d2e82e3cd47eee
ab294916301557820040d4685f559037fadaa608abaa9f56d30c3a3230580d74
b3daa8d8b247d807ed0619e9f246a6769aa8334f61586a2579ea4886ffca05c1
d944f7f322c1ae6f36f76069e6c9351d5b19e108b26460cb903aacd115975dfc
dafe70cbc4be879f7eafd15ecb2caf9bd3db72685512dd8fadd13dda367d3156
dbcd0fdcba542380094cc8ef4daa0d0a866f106e08e6637105610d61651ddd0c
f24b525295374178f81ce9b8a6ab6c0bca5ea718e6286833116268d27f8ec847
+ 114 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210626-6568lnfg6x/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
b2a049b580ef2fe23defefd78644442329b1378213c59357fbec5e24555aac44
MD5 hash:
f9e3e8dcfbfaf22d61687c78a2ff20fa
SHA1 hash:
439731b1bf2b800c2ed8c18fcd14b8ecc25eacc9
Link:
https://www.unpac.me/results/7383928b-c4eb-4a01-9ead-9455318b9b1c/
SH256 hash:
b0e81166e58cc1a5994f442585494035d658b24f232e6ed51f09f693f6549651
MD5 hash:
5ed4eeac4456d4661c25ba66ece338ef
SHA1 hash:
b1cff47d16cd01c49b78f25f8c201f91e40581d7
Link:
https://www.unpac.me/results/7383928b-c4eb-4a01-9ead-9455318b9b1c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b0e81166e58cc1a5994f442585494035d658b24f232e6ed51f09f693f6549651

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b0e81166e58cc1a5994f442585494035d658b24f232e6ed51f09f693f6549651

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/168475/
  
URLhaus
https://urlhaus.abuse.ch/url/1400216/
  
Delivery method
Distributed via web download

Comments