MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b16699483887000593c79b49c54284d2c0bd4c9a9554f4a398b9deccae784fdd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	b16699483887000593c79b49c54284d2c0bd4c9a9554f4a398b9deccae784fdd
SHA3-384 hash:	019dcc0c489c76f9964ca9fbc4846f2256cf271a91085f837c765aa37168c73d7ba1eda47906696131822700a28ae404
SHA1 hash:	bb0d9da4099681cfbf934460d98675e31205a91c
MD5 hash:	036ae3f25d9e76d067f41edc6cc63df7
humanhash:	romeo-grey-eleven-lemon
File name:	factura-btbeqfkswvuqldhhw.msi
Download:	download sample
File size:	3'785'728 bytes
First seen:	2021-09-09 06:52:41 UTC
Last seen:	Never
File type:	msi
MIME type:	application/x-msi
ssdeep	49152:XZqwSxwOQhX9uS0UIJnxH9RyZzg/yWTkfcJTTRU6MOHf2DOYLFA:UwFOVxHGZEkf+ZHyOYhA
Threatray	135 similar samples on MalwareBazaar
TLSH	T1F9067D27F244953BD0AB0F3E49379654983F7E612B168D5F26F8594CCE392403E3AA4B
Reporter	abuse_ch
Tags:	msi

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/186506/

Detection(s):

PUA.Win.Packer.Exe-6

SecuriteInfo.com.RDMK.cmRtazpKxKzi0pVLtXUmAmezzdjf.17904.UNOFFICIAL

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/b16699483887000593c79b49c54284d2c0bd4c9a9554f4a398b9deccae784fdd

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

3 / 100

Link:

https://www.joesandbox.com/analysis/847864

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b16699483887000593c79b49c54284d2c0bd4c9a9554f4a398b9deccae784fdd/

Threat name:

Win32.Downloader.BanLoad

Status:

Malicious

First seen:

2021-09-09 06:53:12 UTC

AV detection:

10 of 43 (23.26%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wftjssbyq4aale6htne4kque2lal2te2svkpji4yxhpmzltyj7oq._file

Verdict:

malicious

1c7e777006e470757850056a270f2026658d563b4ca6b1b0644de967e1d87bd2

2f5958ef72eab8ecb7d91cba766ea7324502fc70797f7668afa9dcc9fa7ab431

2fc55fe4e660a65b3a7021b5fa7048628e58c335d1fc3db0a4b62bdfc9a26e67

447157a9abc75d0c95e6ee0ffa7d8865280c637e7a469992619f06f21f01275c

460d5bf1f0afec2ef5a0e5cae8c97e55594256677534009a8dd06bed56350ae0

c5c926fee5c5ce70a0bd8dec5f97c808fa863517fcb266ee9341b1598d96193d

db827664d924cee347ceed8264f97be9183a2edfe4ab8cd602b443df7f28c5ed

e7929b41f6211185990cd523debd50156d6a74433fc04b13cb5cbdf6f25d403a

efe1d69eb6925530a15fc55b936d1a5eaa8fd93915d0a5b58758ec807ea7b7de

+ 125 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/210909-hnp7naahbr/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Enumerates connected drives

Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b16699483887000593c79b49c54284d2c0bd4c9a9554f4a398b9deccae784fdd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	suspicious_msi_file Create hunting rule
Author:	Johnk3r
Description:	Detects common strings, DLL and API in Banker_BR

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/186506/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample