MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b152ef883969e3ffb867b66a13e28efd90fcdc3201824a6dc55437554097e98b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: b152ef883969e3ffb867b66a13e28efd90fcdc3201824a6dc55437554097e98b
SHA3-384 hash: 924aa0d4ef00c7e0285227d9f285025fbadbc8b1e467b8c36181853ac18eab956dae6f0af0a4594febdc99fca234e687
SHA1 hash: 6a933eba7f5aa5fd9bfd68e175d88251dc9ee3b4
MD5 hash: e7a8ef43ed02d72fae15d697ab0e681b
humanhash: six-maine-chicken-fish
File name: 49cbbb6aa0c68ac0e40cb49d829850a6
File size: 2'853'002 bytes
First seen: 2020-11-17 11:32:57 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9d1f0da408c33eebb70b9bfa17b7fddc (4 x njrat, 1 x Jadtre)
ssdeep: 49152:WaX3yq8XDY2Td2l+xysLqmiuUyKFAMkq9xraNSNzHznVxLgKGKho:WaHyq6d2UlcAcTrIS1TnV6BD
Threatray: 33 similar samples on MalwareBazaar
TLSH: 26D533517BD0D0B2C147503188198E72F63DF476A956818A7BCA5F387E36AE9CB3B702
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating a file in the Windows subdirectories
Deleting a recently created file
Threat name: Win32.Trojan.Babar
Status: Malicious
First seen: 2020-11-17 11:33:40 UTC
AV detection: 8 of 29 (27.59%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Unpacked files
SHA256 hash: b152ef883969e3ffb867b66a13e28efd90fcdc3201824a6dc55437554097e98b
MD5 hash: e7a8ef43ed02d72fae15d697ab0e681b
SHA1 hash: 6a933eba7f5aa5fd9bfd68e175d88251dc9ee3b4
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
