MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3a8286a131214d6ea89a1ecd19b52fff3f5abc01968f2fd99df48bec9b99817. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3a8286a131214d6ea89a1ecd19b52fff3f5abc01968f2fd99df48bec9b99817
SHA3-384 hash: f20741bb820a35a2bfc150813e93e0747c6b135615cb7dfe93b5504f5d12561798f4d118f543f0a0ea8e46485dec75ce
SHA1 hash: 6f6a554ac80690c2baf8dcdc2348f9bccc49eb48
MD5 hash: be7c117282243faa1f8071798ca554e4
humanhash: nevada-sixteen-beer-freddie
File name:be7c117282243faa1f8071798ca554e4
Download: download sample
File size:57'344 bytes
First seen:2021-08-07 16:11:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash de794eaa348bcab90828044bdaf70bdd
ssdeep 768:0OI8YVeUvnXH9+msT0k7U96PgXUNmTU9NEeelZ5:HfOeA+msT+6Rw4HKlZ5
Threatray 1'234 similar samples on MalwareBazaar
TLSH T1C3438D077993C077D8A241B129794F9A977EBA3007609AD3A3945F0E2D705F2EE39347
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://keygensumo.com/sy/debut+nch/
Verdict:
Malicious activity
Analysis date:
2021-08-05 20:06:47 UTC
Tags:
evasion trojan rat azorult stealer raccoon loader pony fareit redline phishing opendir
Link:
https://app.any.run/tasks/eae96f44-1f8c-4a1d-9edb-2424b9c04e8d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/177170/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/49c1ad0e-200a-4d17-b837-c918aa2db949
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/828649
Signature
Creates processes via WMI
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b3a8286a131214d6ea89a1ecd19b52fff3f5abc01968f2fd99df48bec9b99817/
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2021-08-05 19:30:00 UTC
AV detection:
14 of 46 (30.43%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
2ebed9b4977e1d4bbf83705b8665f19ea7d2aa5f48bbeef15d2264486a4c4a20
4aadef23f11dd8fdc214bea41b6f7819bf723f20f581fec84d38e3ab1d08ad94
71f5bb7d9ace05cfb89e95843499c1c19ca1d6c8b1cd66561d24ceb9ffa94862
72b24e99cdd46d7cee31af6d8858782b775db1753d4ed954774a2b1306d5dd89
76b87f4f61c849a8af46ebdcb899a0bea036b18f6b473bed34562212eab16b93
93dcedb1435aa44a336b407c0044da614a3a15336995c5547abe70c5e741a35f
ae23b1d2d4ab785d755af246d6d82fca9fab091dbb4f886ac136812805354efd
b8338eda2c7390860da3bd4a37104b409235131406d9b4d30a78b5d4189cf317
+ 1'224 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210807-2f3x482x7s/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Process spawned unexpected child process
Unpacked files
SH256 hash:
b3a8286a131214d6ea89a1ecd19b52fff3f5abc01968f2fd99df48bec9b99817
MD5 hash:
be7c117282243faa1f8071798ca554e4
SHA1 hash:
6f6a554ac80690c2baf8dcdc2348f9bccc49eb48
Link:
https://www.unpac.me/results/ab1dbf1b-e8bf-407e-971c-564a6782f349/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/b3a8286a1312/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/b3a8286a131214d6ea89a1ecd19b52fff3f5abc01968f2fd99df48bec9b99817

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b3a8286a131214d6ea89a1ecd19b52fff3f5abc01968f2fd99df48bec9b99817

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/177170/

Comments


Avatar
zbet commented on 2021-08-07 16:11:53 UTC

url : hxxp://a.goatagame.com/userf/25/anyname.exe