MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3f78a3f3823808cf3622128fe076552fb8bbdbedad1fe60607ab6f9981697f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: b3f78a3f3823808cf3622128fe076552fb8bbdbedad1fe60607ab6f9981697f4
SHA3-384 hash: f97585b8915fbac5fde920c1541249e656699215a0063b4a6807397d9172bb8b5aea8b360fe911c79d4db9e96fe38ef0
SHA1 hash: 4afdcd05300735d0b23d7bf0068f98dc71a3d59b
MD5 hash: 9074f8806ebcff10cfb69e1e66caafc5
humanhash: undress-green-undress-red
File name: 9074f8806ebcff10cfb69e1e66caafc5.exe
File size: 5'407'556 bytes
First seen: 2021-02-25 10:57:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash be41bf7b8cc010b614bd36bbca606973 (195 x LummaStealer, 126 x DanaBot, 63 x Vidar)
ssdeep 98304:xmaCw1Vf8tu9nbRTirsn2tIdEK8rtV/G5qU0Vb3c50pM8BzujfWfgf:xvj1Vf8tMwrsn2kEKB510C50pZBzmfWw
Threatray 42 similar samples on MalwareBazaar
TLSH 2046338BB1F7CBF5F9C46D712CAE876A97B17C60232BEB14324271681C66C69C518363
Reporter abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 26 / 100
Signature
Machine Learning detection for sample
Threat name: Win32.Trojan.SelfDel
Status: Malicious
First seen: 2021-02-25 10:58:08 UTC
AV detection: 20 of 47 (42.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
Unpacked files
SHA256 hash: b3f78a3f3823808cf3622128fe076552fb8bbdbedad1fe60607ab6f9981697f4
MD5 hash: 9074f8806ebcff10cfb69e1e66caafc5
SHA1 hash: 4afdcd05300735d0b23d7bf0068f98dc71a3d59b
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b3f78a3f3823808cf3622128fe076552fb8bbdbedad1fe60607ab6f9981697f4

(this sample)

  
Delivery method
Distributed via web download
