MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1e3da936d666cf9d671dd8f79e54afc8f524bccaca77e835bf611ec3038211c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1e3da936d666cf9d671dd8f79e54afc8f524bccaca77e835bf611ec3038211c
SHA3-384 hash: 53286930e5457f4ada4e1103b2f52f0310e50f770305656c74fa52c4c47a7e253a537c418623774511191003220de361
SHA1 hash: 7134d8f1b2cb6ed5b373b8bf473fa1942e03dca9
MD5 hash: 17125ba3cbeeebbcccd5dcea1be1ae00
humanhash: maryland-three-paris-ink
File name:Telegram中文版.exe
Download: download sample
File size:2'284'276 bytes
First seen:2022-05-21 11:56:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 49152:AHoCTuhhWCh1s/FHmm4YceE6xNRV/jLwzA/+63lqHjj4kOKfJ4:AIC6v/h1U0m+ehxPJPR3laXrJ4
Threatray 127 similar samples on MalwareBazaar
TLSH T120B533E5399EC284C9E9173F9AD34AFF3A297C942C3D271ABF81715C127A24D05523A3
File icon (PE):PE icon
dhash icon f8fce8e8f0d068b1
Reporter obfusor
Tags:exe RAT rootkit

Intelligence

File Origin
# of uploads :
1
# of downloads :
452
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Telegram中文版.exe
Verdict:
No threats detected
Analysis date:
2022-05-21 11:58:50 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/740c9006-e56e-44a3-892a-e7cbcf9661ef

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/273308/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Searching for synchronization primitives
Creating a window
Launching a service
Sending a UDP request
Launching a process
Creating a file
Creating a process from a recently created file
Changing a file
Searching for the window
Enabling the 'hidden' option for recently created files
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
flystudio packed wacatac
Link:
https://www.filescan.io/uploads/6288d3613ec49f83a6bcef98/reports/ce53e358-a3b7-4855-a7be-d5c54be0e9cf/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/1cfbb956-bad5-4715-b8fa-5cab89fb7bb0
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/999074
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Performs DNS queries to domains with low reputation
Snort IDS alert for network traffic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b1e3da936d666cf9d671dd8f79e54afc8f524bccaca77e835bf611ec3038211c/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-05-21 11:57:18 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
18 of 40 (45.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
076060213e85fd0ce5632de3a579668d6ac167700380fe8c200c54d609d2521f
5430394ea19a7c57dea6d2d07c389bb5fd12bb4e3e64f98911148ae0f870dfdf
5b318a71a891d9f64fff9de8dc4868c9d1e563701a8272a6b281f295c7bdd43d
61d1d245455ca4edd8e676fc53b3801b0e75d7cd73226947d11b97e18faf880e
6ec7aa60afcb5b409e55f0a47ff4ba273f1c9e28f7bd5c9f32b1d749ccad0719
76005ce2b7eb0c95f8dcc06b501244c73b17b3aff65e78c672c4a6ae56e67306
bd8be738f2dae2cac76f492d4e4b66bebbe3c42dfeee3ef58510a89c571b86e1
d408f5343ed5b5f9fe728f6fb44f6b3255e7ef5e97408ede945a1255c18090d3
ef74de060d6351cd515504f3314efde0becfee073d9eec3a4b68c6e0de7195ad
+ 117 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/220521-n323naeeg2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
suricata: ET MALWARE FatalRAT CnC Activity
Unpacked files
SH256 hash:
b1e3da936d666cf9d671dd8f79e54afc8f524bccaca77e835bf611ec3038211c
MD5 hash:
17125ba3cbeeebbcccd5dcea1be1ae00
SHA1 hash:
7134d8f1b2cb6ed5b373b8bf473fa1942e03dca9
Link:
https://www.unpac.me/results/46dc49d5-671d-466f-8c4d-4fa5c6c1b788/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b1e3da936d66/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/b1e3da936d666cf9d671dd8f79e54afc8f524bccaca77e835bf611ec3038211c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/273308/

Comments