MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b10f38f6a63515c0057b541723f7de935b6b8ee58cb3baca1f5cce7a20813da2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b10f38f6a63515c0057b541723f7de935b6b8ee58cb3baca1f5cce7a20813da2
SHA3-384 hash: be91169597f668b9357aab3d11a112f3ae3f4f5ea83937022ec918a54f2e2024bb6b4caed7327d9bd2697e36c897c21d
SHA1 hash: d504a446105864d0a39fc05444d64ee32b0f8db2
MD5 hash: 946be1394e98c6be3638c20c4ba50959
humanhash: early-one-berlin-sixteen
File name:CONFIRM_PAYMENT.com
Download: download sample
File size:544'768 bytes
First seen:2021-02-23 07:14:20 UTC
Last seen:2021-02-23 08:46:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ce95782f94d8c06a522ef2ce68f3fe9
ssdeep 12288:GJZJpZFS02f46A9jmP/uhu/yMS08CkntxYRH:GJZ7ZFiQfmP/UDMS08Ckn3i
Threatray 4'853 similar samples on MalwareBazaar
TLSH CBC48D17EB10F10AE452C8B02965929B67397D321280AE03F7C16F5AA6726D7BCF570F
Reporter abuse_ch
Tags:com

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/118472/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop16.11011.11839.17462.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Running batch commands
Creating a process with a hidden window
Creating a file
Searching for the window
Deleting a recently created file
Replacing files
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/614903
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b10f38f6a63515c0057b541723f7de935b6b8ee58cb3baca1f5cce7a20813da2/
Threat name:
Win32.Trojan.Johnnie
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 07:15:12 UTC
AV detection:
25 of 47 (53.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wehtr5vgguk4abl3kqlsh566snnwxdxfrsz3vsq7lthhuiebhwra._file
Verdict:
malicious
Similar samples:
363755d7a78e52ae1314c7c4a485048269a9680e93bc4cb82098ca6139bfd912
4fbe77777093608a25b248db192e96bb062da46835e2739c07922c39cfbb0d57
54f76bffd468bfb38aaf0adb0fadbfc9fa3a947b420d002c2206e57c805e6000
5bd645a7783a25d2caa48ee448ad1e47c00ae25e5a7fd9b304ad9422e9e79fd5
6d1939969f1763fa1f69073ed09fa37d443fd3a6739584bf5943ca8e54963023
7576e8a1595d88b7cdb00bb00648c86a60a2e2f7e24442451c528553f467ec04
930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1
b2db0dad3f1acb31633bc8d135453b5141d75ce89212a303a9148a40f60eb917
c68eae2a2fb14e31a3099eee2c2f7d880653a7ed87ede88c638541854e01d3c2
cb23f5a566bfa91b51d3ecd344e3f6025023463532fa4d5edf5d0785814529d7
+ 4'843 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210223-3nnfpehs9n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Unpacked files
SH256 hash:
b10f38f6a63515c0057b541723f7de935b6b8ee58cb3baca1f5cce7a20813da2
MD5 hash:
946be1394e98c6be3638c20c4ba50959
SHA1 hash:
d504a446105864d0a39fc05444d64ee32b0f8db2
Link:
https://www.unpac.me/results/68183b18-b1da-47ec-9ddd-8971b1f4b1ff/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/b10f38f6a63515c0057b541723f7de935b6b8ee58cb3baca1f5cce7a20813da2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe b10f38f6a63515c0057b541723f7de935b6b8ee58cb3baca1f5cce7a20813da2

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/118472/

Comments