MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3f8e916122bb04524835950620392962e9e1fa2ed1c4dbb99fba648f51096d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3f8e916122bb04524835950620392962e9e1fa2ed1c4dbb99fba648f51096d2
SHA3-384 hash: ec1808c3a06e42be19304504c4daae9d2c2aafc279833d3f7244bf5beda9a2d7625782d5c9d3c6984ef08cdbd02b98e6
SHA1 hash: d9fa1bb620817b4c3f8514225e8ee69949562fa4
MD5 hash: 9254b4c766a452f1c7eb6f1378ee5fec
humanhash: leopard-snake-artist-crazy
File name:file
Download: download sample
File size:3'733'504 bytes
First seen:2023-10-21 08:19:33 UTC
Last seen:2023-10-22 10:40:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 98304:1yN15U7E78LXSMkqlvPxbGorfS9qom0BDjaHY/J3Ve9PaP8JiCfvihYNTw35QBRE:1yN1i7EwXS1gvPu27viCNE
Threatray 23 similar samples on MalwareBazaar
TLSH T1E9063A2D7A55A9AACEDD22F1935B4C2ABF9DD5431300A24F374993CDB30C192A60C79F
TrID 40.9% (.EXE) Win64 Executable (generic) (10523/12/4)
19.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.0% (.EXE) Win16/32 Executable Delphi generic (2072/23)
8.0% (.ICL) Windows Icons Library (generic) (2059/9)
7.8% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 9f9e9f9fe7673338
Reporter andretavare5
Tags:exe


Avatar
andretavare5
Sample downloaded from http://lakuiksong.known.co.ke/netTimer.exe

Intelligence

File Origin
# of uploads :
35
# of downloads :
340
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Suspicious activity
Analysis date:
2023-10-21 08:23:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cbaf5dee-7b8f-464c-a9d6-9aac4d894592

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.2228.4630.631.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Using the Windows Management Instrumentation requests
Creating a file
Sending a custom TCP request
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
net_reactor packed packed
Link:
https://www.filescan.io/uploads/653389b4c2a76fbfed3038c6/reports/055c28a6-c010-4795-8b5a-c486303f42a4/overview
Verdict:
Malicious
Labled as:
MSIL/Packed.DotNetGuard
Link:
https://www.hybrid-analysis.com/sample/b3f8e916122bb04524835950620392962e9e1fa2ed1c4dbb99fba648f51096d2
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/a1cdc1b8-c227-466a-b701-0a84e538b30e
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b3f8e916122bb04524835950620392962e9e1fa2ed1c4dbb99fba648f51096d2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b3f8e916122bb04524835950620392962e9e1fa2ed1c4dbb99fba648f51096d2/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-10-21 08:20:07 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
21
AV detection:
12 of 23 (52.17%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wp4osfqsfoyekjedlfigea4ssyxj4h5c5uoe3o4z7oter5iqs3ja._file
Verdict:
malicious
Similar samples:
1599376e93d7547f902ba3b313dc59da147b8a806c089e80ce29150e86e71938
56bd7934f080701e491c79a5513dbec93f0996b7737a8c9b63218451020d37a3
583bb69ba85c772ce390df4ffd381812a597433089de0dead134dd4cea5e6484
bd61459061571af387a855ff79aa71ab1a0b3f2005572a789c71cccd12a6fdce
c6ac860c1c4c54aedf7664c5b173b81b3a766c1bff8a26b4fafb8277b2f725ec
eedfd015089bc78818088b6f2466da62bb50da8dd4a940990a2c19a30cba9b2b
f13932164c3348dfefff35921c2f1b7944ba40529ca4fb50eac71fc8da15f6d7
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231021-j8e3vsde3y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
b3f8e916122bb04524835950620392962e9e1fa2ed1c4dbb99fba648f51096d2
MD5 hash:
9254b4c766a452f1c7eb6f1378ee5fec
SHA1 hash:
d9fa1bb620817b4c3f8514225e8ee69949562fa4
Link:
https://www.unpac.me/results/ab72c3bb-3cc7-4eb2-a296-60b91db66d63/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/b3f8e916122bb04524835950620392962e9e1fa2ed1c4dbb99fba648f51096d2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BAZT_B5_NOCEXInvalidStream
Create hunting rule
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_no_import_table
Create hunting rule
Author:qux
Description:Detects exe does not have import table
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2718410/

Comments